diff --git a/debian/README.Debian b/debian/README.Debian
new file mode 100644
index 0000000000000000000000000000000000000000..e6dd9bc2a1955581484af9a60fd89ef0fc8e8211
--- /dev/null
+++ b/debian/README.Debian
@@ -0,0 +1,98 @@
+Enabling persistent logging in journald
+=======================================
+
+To enable persistent logging, create /var/log/journal:
+
+ mkdir -p /var/log/journal
+ systemd-tmpfiles --create --prefix /var/log/journal
+
+systemd will make the journal files owned by the "systemd-journal" group and
+add an ACL for read permissions for users in the "adm" group.
+To grant a user read access to the system journal, add them to one of the two
+groups.
+
+This will allow you to look at previous boot logs with e. g.
+"journalctl -b -1".
+
+If you enable persistent logging, consider uninstalling rsyslog or any other
+system-log-daemon, to avoid logging everything twice.
+
+Debugging boot/shutdown problems
+================================
+
+The "debug-shell" service starts a root shell on VT 9 which is available very
+early during boot and very late during shutdown. You can temporarily enable
+this when booting the system does not get sufficiently far to get a desktop or
+even the text console logins (getty), or when shutdown hangs eternally.
+
+For boot problems the recommended way is to append "systemd.debug-shell" to the
+kernel command line in the bootloader.
+For shutdown problems, run "systemctl start debug-shell" as root, then shut
+down.
+
+WARNING: Please avoid "systemctl enable debug-shell" as this will start the
+debug shell permanently which is a SECURITY HOLE as it allows unauthenticated
+and unrestricted root access to your computer if you forget to disable it!
+Please only enable it if you cannot pass "systemd.debug-shell" to the boot
+loader for some reason, and then immediately run "systemctl disable debug-shell"
+after booting.
+
+Once the boot/shutdown problem happened, switch to VT9 (Ctrl+Alt+F9). There you
+can use the usual systemctl or journalctl commands, or any other Linux shell
+command to list or kill processes. For example, run "systemctl list-jobs" to
+see what's currently being run, or "systemctl" to find units which are not in
+the expected state (e. g. "failed" for boot or still "active" during shutdown),
+and then get more detailed information with "systemctl status -l foo.service"
+to get a service "foo"'s status and recent logging.
+
+In situations where the debug shell is not available, you can generate a
+/shutdown-log.txt file instead:
+1. Boot with these kernel command line options:
+ systemd.log_level=debug systemd.log_target=kmsg log_buf_len=1M
+2. Save the following script as /lib/systemd/system-shutdown/debug.sh and make it executable:
+ #!/bin/sh
+ mount -o remount,rw /
+ dmesg > /shutdown-log.txt
+ mount -o remount,ro /
+3. Reboot
+
+Enable and use networkd
+=======================
+networkd is a small and lean service to configure network interfaces, designed
+mostly for server use cases in a world with hotplugged and virtualized
+networking. Its configuration is similar in spirit and abstraction level to
+ifupdown, but you don't need any extra packages to configure bridges, bonds,
+vlan etc. It is not very suitable for managing WLANs yet; NetworkManager is
+still much more appropriate for such Desktop use cases.
+
+networkd is not enabled by default; run
+
+ systemctl enable systemd-networkd
+
+if you want to use it. After that you need to create some *.network
+configuration files. In the simplest case you just want to run DHCP on all
+available Ethernet interfaces:
+
+--- /etc/systemd/network/all-eth.network ---
+[Match]
+Name=e*
+[Network]
+DHCP=yes
+
+This will match on both the kernel "ethN" as well as the predictable interface
+names "en*". Please see man systemd.network(5) for all available configuration
+options and examples.
+
+You need to make sure that interfaces handled by networkd are not handled by
+ifupdown (/etc/network/interfaces) and NetworkManager.
+
+Note that interfaces brought up/down will *not* run hooks in
+/etc/network/if-*.d/.
+
+It is recommended to use networkd together with systemd-resolved(8) to
+dynamically manage /etc/resolv.conf:
+
+ systemctl enable systemd-resolved
+ ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
+
+Debian's networkd has been modified to also work with the resolvconf package.
diff --git a/debian/README.source b/debian/README.source
new file mode 100644
index 0000000000000000000000000000000000000000..e3ba8cf46842af07b277f75b6eef6a0b8598ed04
--- /dev/null
+++ b/debian/README.source
@@ -0,0 +1,103 @@
+Building from source
+--------------------
+Install “git-buildpackage†and run the following steps:
+
+ gbp clone git+ssh://git.debian.org/git/pkg-systemd/systemd.git
+ cd systemd
+ gbp buildpackage
+
+We recommend you use pbuilder to make sure you build in a clean environment:
+
+ gbp buildpackage --git-pbuilder
+
+Changelog
+---------
+The systemd package uses gbp dch for automatically generating
+debian/changelog entries from the corresponding git commits. This makes
+cherry-picking, merging, and rebasing much simpler.
+
+Thus, for any packaging change *don't* modify debian/changelog, just write a
+meaningful git commit log with proper bug references (such as "Closes: #12345"
+on the last line). For doing a release, run
+
+ gbp dch --auto
+
+then beautify the generated debian/changelog, then run the usual "dch -r" and
+"debcommit -ar --sign-tags".
+
+Patch handling
+--------------
+The systemd package uses gbp pq for maintaining patches with a git-like
+workflow in a "patch-queue/<branch>" local branch and then exporting them as
+quilt series. For working on patches you run
+
+ gbp pq import --force
+
+Then you are in the patch-queue branch and can git log, commit, cherry-pick
+upstream commits, rebase, etc. there. After you are done, run
+
+ gbp pq export
+
+which will put you back into master and update debian/patches/ (including
+series). You need to git add etc. new patches, possibly other
+packaging changes, and then git commit as usual.
+
+systemd uses gbp pq's "topic" branches for organizing patches; for simplicity
+(as this is the most common operation), upstream cherry-picks go into the
+"empty" topic (i. e. directly into debian/patches/), while Debian specific
+patches go into "Gbp-Pq: Topic debian" (i. e. debian/patches/debian/).
+
+Rebasing patches to a new upstream version
+------------------------------------------
+gbp pq's "rebase" command does not work very conveniently as it fails on merge
+conflicts. First, ensure you are in the master branch:
+
+ git checkout master # in case you aren't already
+
+Now, do one of
+
+ (1) To import a new upstream release into the existing master branch for unstable,
+do:
+
+ gbp pq import --force
+ gbp pq switch # switch back to master from patch-queue/master
+ gbp import-orig [...]
+ gbp pq switch # switch to patch-queue/master
+ git rebase master
+
+ (2) To import a new upstream release into a new branch for Debian experimental, do:
+
+ git branch experimental
+ git checkout experimental
+ editor debian/gbp.conf # set "debian-branch=experimental"
+ gbp import-orig [...]
+ git branch patch-queue/experimental patch-queue/master
+ git checkout patch-queue/experimental
+ git rebase experimental
+
+Now resolve all the conflicts, skip obsolete patches, etc. When you are done, run
+
+ gbp pq export
+
+Note that our debian/gbp.conf disables patch numbers.
+
+Cherry-picking upstream patches
+-------------------------------
+You can add the systemd upstream branch as an additional remote to the Debian
+packaging branch. Call it "github" or similar to avoid confusing it with the
+already existing "upstream" branch from git-buildpackage:
+
+ git remote add github https://github.com/systemd/systemd.git
+ git fetch github -n
+
+Now you can look at the upstream log and cherry-pick patches into the
+patch-queue branch:
+
+ gbp pq import --force
+ git log github/master
+ git cherry-pick 123DEADBEEF
+
+debian/git-cherry-pick is a nice tool to automate all that:
+
+ debian/git-cherry-pick 123DEADBEEF 987654 AFFE99
+ git checkout master # switch back from patch-queue branch
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000000000000000000000000000000000000..3a62cfba193326d15a95bbbbf5b1d3cb6633a1d2
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,5498 @@
+systemd (240-5) unstable; urgency=medium
+
+ [ Felipe Sateler ]
+ * Revert interface renaming changes. (Closes: #919390)
+
+ [ Martin Pitt ]
+ * process-util: Fix memory leak (Closes: #920018)
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 27 Jan 2019 21:33:07 +0000
+
+systemd (240-4) unstable; urgency=medium
+
+ [ Benjamin Drung ]
+ * Fix shellcheck issues in initramfs-tools scripts
+
+ [ Michael Biebl ]
+ * Import patches from v240-stable branch (up to f02b5472c6)
+ - Fixes a problem in logind closing the controlling terminal when using
+ startx. (Closes: #918927)
+ - Fixes various journald vulnerabilities via attacker controlled alloca.
+ (CVE-2018-16864, CVE-2018-16865, Closes: #918841, Closes: #918848)
+ * sd-device-monitor: Fix ordering of setting buffer size.
+ Fixes an issue with uevents not being processed properly during coldplug
+ stage and some kernel modules not being loaded via "udevadm trigger".
+ (Closes: #917607)
+ * meson: Stop setting -fPIE globally.
+ Setting -fPIE globally can lead to miscompilations on certain
+ architectures. Instead use the b_pie=true build option, which was
+ introduced in meson 0.49. Bump the Build-Depends accordingly.
+ (Closes: #909396)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 12 Jan 2019 21:49:44 +0100
+
+systemd (240-3) unstable; urgency=medium
+
+ * udev.init: Trigger add events for subsystems.
+ Update the SysV init script and mimic the behaviour of the initramfs and
+ systemd-udev-trigger.service which first trigger subsystems and then
+ devices during the coldplug stage.
+ * udevadm: Refuse to run trigger, control, settle and monitor commands in
+ chroot (Closes: #917633)
+ * network: Set link state configuring before setting addresses.
+ Fixes a crash in systemd-networkd caused by an assertion failure.
+ (Closes: #918658)
+ * libudev-util: Make util_replace_whitespace() read only len characters.
+ Fixes a regression where /dev/disk/by-id/ names had additional
+ underscores.
+ * man: Update color of journal logs in DEBUG level (Closes: #917948)
+ * Remove old state directory of systemd-timesyncd on upgrades.
+ Otherwise timesyncd will fail to update the clock file if it was created
+ as /var/lib/private/systemd/timesync/clock.
+ This was the case when the service was using DynamicUser=yes which it no
+ longer does in v240. (Closes: #918190)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 09 Jan 2019 18:40:57 +0100
+
+systemd (240-2) unstable; urgency=medium
+
+ * Pass separate dev_t var to device_path_parse_major_minor.
+ Fixes FTBFS on mips/mipsel (MIPS/O32). (Closes: #917195)
+ * test-json: Check absolute and relative difference in floating point test.
+ Fixes FTBFS due to test-suite failures on armel, armhf and hppa.
+ (Closes: #917215)
+ * sd-device: Fix segfault when error occurs in device_new_from_{nulstr,strv}()
+ Fixes a segfault in systemd-udevd when debug logging is enabled.
+ * udev-event: Do not read stdout or stderr if the pipefd is not created.
+ This fixes problems with device-mapper symlinks no longer being created
+ or certain devices not being marked as ready. (Closes: #917124)
+ * Don't bump fs.nr_open in PID 1.
+ In v240, systemd bumped fs.nr_open in PID 1 to the highest possible
+ value. Processes that are spawned directly by systemd, will have
+ RLIMIT_NOFILE be set to 512K (hard).
+ pam_limits in Debian defaults to "set_all", i.e. for limits which are
+ not explicitly configured in /etc/security/limits.conf, the value from
+ PID 1 is taken, which means for login sessions, RLIMIT_NOFILE is set to
+ the highest possible value instead of 512K. Not every software is able
+ to deal with such an RLIMIT_NOFILE properly.
+ While this is arguably a questionable default in Debian's pam_limit,
+ work around this problem by not bumping fs.nr_open in PID 1.
+ (Closes: #917167)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 27 Dec 2018 14:03:57 +0100
+
+systemd (240-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 240
+ - core: Skip cgroup_subtree_mask_valid update if UNIT_STUB
+ (Closes: #903011)
+ - machined: Rework referencing of machine scopes from machined
+ (Closes: #903288)
+ - timesync: Fix serialization of IP address
+ (Closes: #916516)
+ - core: Don't track jobs-finishing-during-reload explicitly
+ (Closes: #916678)
+ * Rebase patches
+ * Install new systemd-id128 binary
+ * Update symbols file for libsystemd0
+ * Update nss build options
+
+ [ Martin Pitt ]
+ * tests: Disable some flaky upstream tests.
+ See https://github.com/systemd/systemd/issues/11195
+ * tests: Disable flaky TEST-17-UDEV-WANTS upstream test.
+ See https://github.com/systemd/systemd/issues/11195
+
+ -- Michael Biebl <biebl@debian.org> Sat, 22 Dec 2018 16:01:43 +0100
+
+systemd (239-15) unstable; urgency=medium
+
+ [ Felipe Sateler ]
+ * Fix container check in udev init script.
+ Udev needs writable /sys, so the init script tried to check before
+ starting. Unfortunately, the check was inverted. Let's add the missing
+ '!' to negate the check.
+ (Closes: #915261)
+ * Add myself to uploaders
+
+ [ Michael Biebl ]
+ * Remove obsolete systemd-shim conffile on upgrades.
+ The D-Bus policy file was dropped from the systemd-shim package in
+ version 8-4, but apparently there are cases where users removed the
+ package before that cleanup happened. The D-Bus policy file that was
+ shipped by systemd-shim was much more restrictive and now prevents
+ calling GetDynamicUsers() and other recent APIs on systemd Manager.
+ (Closes: #914285)
+
+ -- Felipe Sateler <fsateler@debian.org> Wed, 05 Dec 2018 21:03:34 -0300
+
+systemd (239-14) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * autopkgtest: Drop test_custom_cgroup_cleanup from boot-and-services
+ * resolved: Increase size of TCP stub replies (Closes: #915049)
+ * meson: Unify linux/stat.h check with other checks and use _GNU_SOURCE.
+ Fixes a build failure with glibc 2.28.
+ * Drop procps dependency from systemd.
+ The systemd-exit.service user service no longer uses the "kill" binary.
+ * Simplify container check in udev SysV init script.
+ Instead of using "ps" to detect a container environment, simply test if
+ /sys is writable. This matches what's used in systemd-udevd.service via
+ ConditionPathIsReadWrite=/sys and follows
+ https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/
+ This means we no longer need procps, so drop that dependency from the
+ udev package. (Closes: #915095)
+
+ [ Mert Dirik ]
+ * 40-systemd: Honour __init_d_script_name.
+ Make /lib/lsb/init-functions.d/40-systemd use __init_d_script_name
+ (if available) to figure out real script name. (Closes: #826214)
+ * 40-systemd: Improve heuristics for init-d-script.
+ Improve heuristics for scripts run via init-d-script so that the
+ redirection works even for older init-d-script versions without the
+ __init_d_script_name variable.
+
+ -- Michael Biebl <biebl@debian.org> Sun, 02 Dec 2018 01:00:01 +0100
+
+systemd (239-13) unstable; urgency=medium
+
+ * autopktest: Add e2fsprogs dependency to upstream test.
+ Some of the upstream tests require mkfs.ext4. (Closes: #887250)
+ * systemctl: Tell update-rc.d to skip creating any systemd symlinks.
+ When calling update-rc.d via systemd-sysv-install, tell it to skip
+ creating any systemd symlinks as we want to handle those directly in
+ systemctl. Older update-rc.d versions will ignore that request, but
+ that's ok. This means we don't need a versioned dependency against
+ init-system-helpers. (Closes: #743217)
+ * pam_systemd: Suppress LOG_DEBUG log messages if debugging is off
+ (Closes: #825949)
+ * Drop cgroup-don-t-trim-cgroup-trees-created-by-someone-el.patch.
+ The patch is no longer necessary as lxc.service now uses Delegate=yes.
+ * Remove obsolete Replaces from pre-jessie
+
+ -- Michael Biebl <biebl@debian.org> Tue, 20 Nov 2018 19:44:39 +0100
+
+systemd (239-12) unstable; urgency=high
+
+ [ Martin Pitt ]
+ * Enable QEMU on more architectures in "upstream" autopkgtest.
+ Taken from the Ubuntu package, so apparently QEMU works well enough on
+ these architectures now.
+ * autopkgtest: Avoid test bed reset for boot-smoke.
+ Make "boot-smoke"'s dependencies a strict superset of "upstream"'s, so
+ that autopkgtest doesn't have to provide a new testbed.
+ * Fix wrong "nobody" group from sysusers.d.
+ Fix our make-sysusers-basic sysusers.d generator to special-case the
+ nobody group. "nobody" user and "nogroup" group both have the same ID
+ 65534, which is the only special case for Debian's static users/groups.
+ So specify the gid explicitly, to avoid systemd-sysusers creating a
+ dynamic system group for "nobody".
+ Also clean up the group on upgrades.
+ Thanks to Keh-Ming Luoh for the original patch! (Closes: #912525)
+
+ [ Michael Biebl ]
+ * autopkgtest: Use shutil.which() which is provided by Python 3
+ * Drop non-existing gnuefi=false build option.
+ This was mistakenly added when converting from autotools to meson.
+ * core: When deserializing state always use read_line(…, LONG_LINE_MAX, …)
+ Fixes a vulnerability in unit_deserialize which allows an attacker to
+ supply arbitrary state across systemd re-execution via NotifyAccess.
+ (CVE-2018-15686, Closes: #912005)
+ * meson: Use the host architecture compiler/linker for src/boot/efi.
+ Fixes cross build failure for arm64. (Closes: #905381)
+ * systemd: Do not pass .wants fragment path to manager_load_unit.
+ Fixes an issue with overridden units in /etc not being used due to a
+ .wants/ symlink pointing to /lib. (Closes: #907054)
+ * machined: When reading os-release file, join PID namespace too.
+ This ensures that we properly acquire the os-release file from containers.
+ (Closes: #911231)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 17 Nov 2018 18:39:21 +0100
+
+systemd (239-11) unstable; urgency=high
+
+ [ Michael Biebl ]
+ * debian/tests/upstream: Clean up after each test run.
+ Otherwise the loopback images used by qemu are not properly released and
+ we might run out of disk space.
+ * dhcp6: Make sure we have enough space for the DHCP6 option header.
+ Fixes out-of-bounds heap write in systemd-networkd dhcpv6 option
+ handling.
+ (CVE-2018-15688, LP: #1795921, Closes: #912008)
+ * chown-recursive: Rework the recursive logic to use O_PATH.
+ Fixes a race condition in chown_one() which allows an attacker to cause
+ systemd to set arbitrary permissions on arbitrary files.
+ (CVE-2018-15687, LP: #1796692, Closes: #912007)
+
+ [ Martin Pitt ]
+ * debian/tests/boot-and-services: Use gdm instead of lightdm.
+ This seems to work more reliably, on Ubuntu CI's i386 instances lightdm
+ fails.
+
+ [ Manuel A. Fernandez Montecelo ]
+ * Run "meson test" instead of "ninja test"
+ Upstream developers of meson recommend to run it in this way, because
+ "ninja test" just calls "meson test", and by using meson directly and
+ using extra command line arguments it is possible to control aspects of
+ how the tests are run.
+ * Increase timeout for test in riscv64.
+ The buildds for the riscv64 arch used at the moment are slow, so increase
+ the timeouts for this arch by a factor of 10, for good measure.
+ (Closes: #906429)
+
+ -- Michael Biebl <biebl@debian.org> Sun, 28 Oct 2018 13:02:18 +0100
+
+systemd (239-10) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * meson: Rename -Ddebug to -Ddebug-extra.
+ Meson added -Doptimization and -Ddebug options, which obviously causes
+ a conflict with our -Ddebug options. Let's rename it.
+ (Closes: #909455)
+ * Add conflicts against consolekit.
+ Letting both ConsoleKit and logind manage dynamic device permissions
+ will only lead to inconsistent and unexpected results.
+
+ [ Felipe Sateler ]
+ * Link systemctl binary statically against libshared.
+ This reduces the Pre-Depends list considerably, and is more resilient
+ against borked installs.
+
+ -- Michael Biebl <biebl@debian.org> Tue, 25 Sep 2018 16:11:12 +0200
+
+systemd (239-9) unstable; urgency=medium
+
+ * autopkgtest: Remove needs-recommends runtime restriction.
+ This restriction has been deprecated and there are plans to remove it
+ altogether. The tests pass withouth needs-recommends, so it seems safe
+ to remove.
+ * test: Use installed catalogs when test-catalog is not located at build
+ dir.
+ This makes it possible to run test-catalog as installed test, so we no
+ longer need to mark it as EXFAIL in our root-unittests autopkgtest.
+ * test: Use "systemd-runtest.env" to set $SYSTEMD_TEST_DATA and
+ $SYSTEMD_CATALOG_DIR.
+ This avoids embedding ABS_{SRC,BUILD}_DIR into libsystemd-shared.so and
+ the test binaries and should make the build reproducible.
+ (Closes: #908365)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 12 Sep 2018 19:07:38 +0200
+
+systemd (239-8) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Clean up dbus-org.freedesktop.timesync1.service Alias on purge
+ (Closes: #904290)
+ * user-runtime-dir: Fix wrong SELinux context (Closes: #908026)
+ * core: Fix gid when DynamicUser=yes with static user (Closes: #904335)
+ * Remove udev control socket on shutdown under sysvinit.
+ The udev control socket is no longer removed automatically when the
+ daemon is stopped. As this can confuse other software, update the SysV
+ init script to remove the control socket manually and make sure the init
+ script is executed on shutdown (runlevel 0) and reboot (runlevel 6).
+ (Closes: #791944)
+ * Bump Standards-Version to 4.2.1
+
+ [ Martin Pitt ]
+ * timedated: Fix wrong PropertyChanged values and refcounting
+
+ -- Michael Biebl <biebl@debian.org> Fri, 07 Sep 2018 08:41:12 +0200
+
+systemd (239-7) unstable; urgency=medium
+
+ * autopkgtest: Add iputils-ping dependency to root-unittests.
+ The ping binary is required by test-bpf.
+ * autopkgtest: Add dbus-user-session and libpam-systemd dependency to
+ root-unittests.
+ Without a working D-Bus user session, a lot of the test-bus-* tests are
+ skipped.
+ * network/link: Fix logic error in matching devices by MAC (Closes: #904198)
+
+ -- Michael Biebl <biebl@debian.org> Sun, 22 Jul 2018 13:40:15 +0200
+
+systemd (239-6) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * autopkgtest: Install libnss-systemd.
+ Make sure that dynamic users can be resolved. This e. g. prevents a
+ startup failure for systemd-resolved.
+ * autopkgtest: Add missing python3 test dependency for udev test
+
+ [ Michael Biebl ]
+ * autopkgtest: Make AppArmor violator test work with merged-usr
+ * Make /dev/kvm accessible to local users and group kvm.
+ Re-add the uaccess tag to /dev/kvm to make it accessible to local
+ users. Access is also granted via group kvm, so create that in
+ udev.postinst. (Closes: #887852)
+ * Move a few man pages from systemd to systemd-journal-remote.
+ The systemd package shipped a few systemd-journal-remote and
+ systemd-journal-upload related man pages which really belong into the
+ systemd-journal-remote package. Move those man pages into the correct
+ package and add a Breaks/Replaces against systemd accordingly.
+ (Closes: #903557)
+ * autopkgtest: Drop no-longer needed workaround from upstream test
+ * Go back to statically allocate system users for timesyncd, networkd and
+ resolved.
+ There are currently too many open issues related to D-Bus and the usage
+ of DynamicUser. (Closes: #902971)
+ * Change python3-minimal dependency to python3.
+ While we strictly only need python3-minimal, the usage of
+ python3-minimal triggers a lintian error: depends-on-python-minimal
+ * test: Drop SKIP_INITRD for QEMU-based tests.
+ The Debian Linux kernel ships ext4 support as a module, so we require an
+ initrd to successfully start the QEMU images.
+ * debian/tests/localed-x11-keymap: Deal with absence of
+ /etc/default/keyboard more gracefully
+ * autopkgtest: Add various dependencies to make upstream test pass on Debian
+ - netcat-openbsd: Required by TEST-12-ISSUE-3171.
+ - busybox-static: Required by TEST-13-NSPAWN-SMOKE.
+ - plymouth: Required by TEST-15-DROPIN and TEST-22-TMPFILES.
+ * Drop seccomp system call filter for udev.
+ The seccomp based system call whitelist requires at least systemd 239 to
+ be the active init and during a dist-upgrade we can't guarantee that
+ systemd has been fully configured before udev is restarted.
+ The versioned systemd Breaks that was added to udev for #902185 didn't
+ really fix this issue, so revert that change again. (Closes: #903224)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 19 Jul 2018 00:04:54 +0200
+
+systemd (239-5) unstable; urgency=medium
+
+ * Add inverse version restriction of the Breaks to the systemd-shim
+ alternative in libpam-systemd.
+ Otherwise apt will fail to find an installation path for libpam-systemd
+ in cases where libpam-systemd is an indirect dependency. (Closes: #902998)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 05 Jul 2018 11:50:10 +0200
+
+systemd (239-4) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Drop outdated section from README.Debian about switching back to SysV init
+ * sleep: Fix one more printf format of a fiemap field
+ * basic: Add missing comma in raw_clone assembly for sparc
+ * bus-util: Make log level lower in request_name_destroy_callback()
+ * tmpfiles: Specify access mode for /run/systemd/netif
+ * Add Breaks against python-dbusmock (<< 0.18) to systemd.
+ The logind and timedated tests in python-dbusmock were broken by the
+ latest systemd release and had to be adjusted to work with systemd 239.
+ See #902602
+ * Drop patches which try to support running systemd services without systemd
+ as pid 1.
+ No one is currently actively maintaining systemd-shim, which means that
+ e.g. running systemd-logind no longer works when systemd is not pid 1.
+ Thus drop our no longer working patches. Bump the Breaks against
+ systemd-shim accordingly.
+ See #895292, #901404, #901405
+
+ [ Martin Pitt ]
+ * test: fix networkd-test.py rate limiting and dynamic user
+
+ -- Michael Biebl <biebl@debian.org> Tue, 03 Jul 2018 23:36:28 +0200
+
+systemd (239-3) unstable; urgency=medium
+
+ * Revert "systemctl: when removing enablement or mask symlinks, cover both
+ /run and /etc"
+ We currently have packages in the archive which use
+ "systemctl --runtime unmask" and are broken by this change.
+ This is a intermediate step until it is clear whether upstream will
+ revert this commit or whether we will have to update affected packages
+ to deal with this changed behaviour.
+ See #902287 and https://github.com/systemd/systemd/issues/9393
+
+ -- Michael Biebl <biebl@debian.org> Wed, 27 Jun 2018 14:46:06 +0200
+
+systemd (239-2) unstable; urgency=medium
+
+ * sleep: Fix printf format of fiemap fields.
+ This should fix a FTBFS on ia64.
+ * timesync: Change type of drift_freq to int64_t.
+ This should fix a FTBFS on x32.
+ * Bump systemd Breaks to ensure it is upgraded in lockstep with udev.
+ The hardening features used by systemd-udevd.service require systemd 239
+ and udev will fail to start with older versions. (Closes: #902185)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 27 Jun 2018 13:59:24 +0200
+
+systemd (239-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 239
+ * Drop alternative iptables-dev Build-Depends.
+ It is no longer needed as both Ubuntu and Debian now ship libiptc-dev in
+ their latest stable (LTS) release.
+ * Drop alternative btrfs-tools Recommends.
+ It is no longer needed as btrfs-progs is now available in both Debian
+ and Ubuntu and keeping the alternative around prevents the transitional
+ package from being autoremoved.
+ * Disable installation of RPM macros.
+ This avoids having to remove them manually later on.
+ * Drop cleanup rules for libtool .la files.
+ With the switch to Meson, libtool is no longer used.
+ * Drop fallback for older kernels when running the test suite.
+ We now assume that we have a kernel newer then 3.13.
+ * Stop cleaning up .busname units.
+ Those are gone upstream, so we no longer need to remove them manually.
+ * Update symbols file for libsystemd0
+ * Rebase patches
+ * Install new resolvectl tool.
+ Don't ship the /sbin/resolvconf compat symlink in the systemd package,
+ as this would cause a file conflict with the resolvconf and openresolv
+ package.
+ * Disable support for "Portable Services"
+ This is still an experimental feature.
+ * Disable pristine-tar in gbp.conf.
+ It is currently not possible to import the systemd v239 tarball using
+ pristine-tar due to #902115.
+ * Bump Build-Depends on meson to (>= 0.44)
+ * Stop setting the path for the kill binary, no longer necessary
+ * Stop creating systemd-network and systemd-resolve system user
+ systemd-networkd.service and systemd-resolved.service now use
+ DynamicUser=yes.
+
+ [ Dimitri John Ledkov ]
+ * Run all upstream tests, and then report all that failed.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 23 Jun 2018 00:18:08 +0200
+
+systemd (238-5) unstable; urgency=medium
+
+ [ Evgeny Vereshchagin ]
+ * upstream autopkgtest: Copy journal subdirectories.
+ Otherwise logs are missing on failures.
+
+ [ Martin Pitt ]
+ * debian/tests/boot-and-services: Ignore cpi.service failure.
+ This is apparently a regression in Ubuntu 18.04, not in systemd, so
+ ignore it.
+
+ [ Michael Biebl ]
+ * sd-bus: Do not try to close already closed fd (Closes: #896781)
+ * Use dh_missing to act on uninstalled files.
+ The usage of dh_install --fail-missing has been deprecated.
+ * meson: Avoid warning about comparison of bool and string.
+ The result of this is undefined and will become a hard error in a future
+ Meson release.
+ * login: Respect --no-wall when cancelling a shutdown request
+ (Closes: #897938)
+ * Add dependencies of libsystemd-shared to Pre-Depends.
+ This is necessary so systemctl is functional at all times during a
+ dist-upgrade. (Closes: #897986)
+ * Drop dh_strip override, the dbgsym migration is done
+
+ [ Felipe Sateler ]
+ * Don't include libmount.h in a header file.
+ Kernel and glibc headers both use MS_* constants, but are not in sync, so
+ only one of them can be used at a time. Thus, only import them where
+ needed. Works around #898743.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 26 May 2018 10:31:29 +0200
+
+systemd (238-4) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * udev/net-id: Fix check for address to keep interface names stable
+ * debian/copyright: Move global wildcard section to the top
+
+ [ Martin Pitt ]
+ * Fix daemon reload failures
+
+ [ Laurent Bigonville ]
+ * Fix /sys/fs/cgroup mount when using SELinux.
+ Since v236, all cgroups except /sys/fs/cgroup/systemd and
+ /sys/fs/cgroup/unified are not mounted when SELinux is enabled (even in
+ permissive mode). Disabling SELinux completely restores these cgroups.
+ This patch fixes that issue by no longer making the assumption that those
+ cgroups are mounted by initrd/dracut before systemd is started.
+
+ -- Michael Biebl <biebl@debian.org> Sun, 01 Apr 2018 13:02:57 +0200
+
+systemd (238-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Enable systemd-sysusers unit and provide correct Debian static u/gids.
+ Add a helper script debian/extra/make-sysusers-basic which generates a
+ sysusers.d(5) file from Debian's static master passwd/group files.
+ systemd 238 now supports specifying different uid and gid and a
+ non-default login shell, so this is possible now. (Closes: #888126)
+ * udev README.Debian: Include initrd rebuild and some clarifications in
+ migration.
+ While initrd update is already being mentioned in the introductory
+ section, it is easy to miss when going through the migration steps, so
+ explicitly mention it again. Also add a warning about keeping a fallback
+ on misconfigurations, and the possibility to migrate one interface at a
+ time.
+ Thanks to Karl O. Pinc for the suggestions! (Closes: #881769)
+
+ [ Michael Biebl ]
+ * basic/macros: Rename noreturn into _noreturn_.
+ "noreturn" is reserved and can be used in other header files we include.
+ (Closes: #893426)
+ * units: Fix SuccessAction that belongs to [Unit] section not [Service]
+ section (Closes: #893282)
+
+ -- Michael Biebl <biebl@debian.org> Tue, 20 Mar 2018 23:22:57 +0100
+
+systemd (238-2) unstable; urgency=medium
+
+ [ Alf Gaida ]
+ * core: do not free stack-allocated strings.
+ Fixes a crash in systemd when the cpuacct cgroup controller is not
+ available. (Closes: #892360)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 10 Mar 2018 01:12:47 +0100
+
+systemd (238-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 238
+ - Fixes systemd-tmpfiles to correctly handle symlinks present in
+ non-terminal path components. (CVE-2018-6954, Closes: #890779)
+ * Rebase patches
+ * Use compat symlinks as provided by upstream.
+ As the upstream build system now creates those symlinks for us, we no
+ longer have to create them manually.
+ * Update symbols file for libsystemd0
+ * test-cgroup-util: bail out when running under a buildd environment
+
+ [ Dimitri John Ledkov ]
+ * systemd-sysv-install: Fix name initialisation.
+ Only initialise NAME after --root optional argument has been parsed,
+ otherwise NAME is initialized to e.g. `enable`, instead of to the
+ `unit-name`, resulting in failures. (LP: #1752882)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 07 Mar 2018 23:21:53 +0100
+
+systemd (237-4) unstable; urgency=medium
+
+ [ Gunnar Hjalmarsson ]
+ * Fix PO template creation.
+ Cherry-pick upstream patches to build a correct systemd.pot including
+ the polkit policy files even without policykit-1 being installed.
+ (LP: #1707898)
+
+ [ Michael Biebl ]
+ * Drop mask for fuse SysV init script.
+ The fuse package has removed its SysV init script a long time ago, so
+ the mask is no longer needed.
+ * Replace two Debian specific patches which cherry-picks from upstream
+ master
+
+ -- Michael Biebl <biebl@debian.org> Wed, 28 Feb 2018 19:18:34 +0100
+
+systemd (237-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/boot-smoke: More robust journal checking.
+ Also fail the test if calling journalctl fails, and avoid calling it
+ twice. See https://github.com/systemd/systemd/pull/8032
+ * Simplify PO template creation.
+ Use the existing upstream build system instead of a manual call to
+ `intltool-update` and `xgettext` to build systemd.pot. Remove the now
+ obsolete intltool build dependency, but still explicitly keep gettext.
+ (LP: #1707898)
+ * Make systemd-sysv-install robust against existing $ROOT.
+ Always initialize `$ROOT`, to avoid the script getting confused by an
+ existing outside env variable. Also fix the `--root` option to actually
+ work, the previous approach was conceptually broken due to how shell
+ quoting works. Make the work with `set -u`. (Closes: #890436)
+
+ [ Felipe Sateler ]
+ * Backport upstream patch fixing a wrong assert() call (Closes: #890423)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 14 Feb 2018 23:07:17 +0100
+
+systemd (237-2) unstable; urgency=medium
+
+ * Drop debian/extra/rules/70-debian-uaccess.rules.
+ Up-to-date udev rules for U2F devices are shipped in libu2f-udev nowadays.
+ (Closes: #889665)
+ * service: relax PID file symlink chain checks a bit.
+ Let's read the PID file after all if there's a potentially unsafe symlink
+ chain in place. But if we do, then refuse taking the PID if its outside of
+ the cgroup. (Closes: #889144)
+
+ -- Michael Biebl <biebl@debian.org> Fri, 09 Feb 2018 23:35:31 +0100
+
+systemd (237-1) unstable; urgency=medium
+
+ * New upstream version 237
+ * Rebase patches
+ * Update symbols file for libsystemd0
+ * Update Vcs-* to point to https://salsa.debian.org
+ * Bump Standards-Version to 4.1.3
+ * Set Rules-Requires-Root to no
+
+ -- Michael Biebl <biebl@debian.org> Tue, 30 Jan 2018 01:55:24 +0100
+
+systemd (236-4) unstable; urgency=medium
+
+ [ Felipe Sateler ]
+ * Allow systemd-timesyncd to start when libnss-systemd is not installed.
+ Pick upstream patch requiring the existence of the systemd-timesync user
+ only when running as root, which is not the case for the system unit.
+ (Closes: #887343)
+
+ [ Nicolas Braud-Santoni ]
+ * debian/copyright: Refer to the CC0 license file (Closes: #882629)
+
+ [ Michael Biebl ]
+ * Add Build-Depends on python3-evdev <!nocheck>
+ This is used by hwdb/parse_hwdb.py to perform additional validation on
+ hwdb files.
+
+ -- Michael Biebl <biebl@debian.org> Sun, 28 Jan 2018 22:29:32 +0100
+
+systemd (236-3) unstable; urgency=medium
+
+ * Revert "core/execute: RuntimeDirectory= or friends requires mount
+ namespace"
+ This was making mounts from SSH sessions invisible to the system.
+ (Closes: #885325)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 11 Jan 2018 16:46:04 +0100
+
+systemd (236-2) unstable; urgency=medium
+
+ * Downgrade priority of libudev1 to optional.
+ This makes it compliant with recent versions of debian-policy which
+ recommends to use priority optional for library packages.
+ * Clarify NEWS entry about removal of system users.
+ Mention in the recent NEWS entry that the associated system groups
+ should be removed as well. (Closes: #885061)
+ * cryptsetup-generator: Don't mistake NULL input as OOM.
+ Fixes systemd-cryptsetup-generator failing to run during boot.
+ (Closes: #885201)
+ * analyze: Use normal bus connection for "plot" verb.
+ Fixes "systemd-analyze plot" failing to run as root. (Closes: #884506)
+ * Stop re-enabling systemd services on every upgrade.
+ This was done so changes to the [Install] section would be applied on
+ upgrades. Forcefully re-enabling a service might overwrite local
+ modifications though and thus far, none of the affected services did
+ actually change its [Install] section. So remove this code from the
+ maintainer scripts as it was apparently doing more harm then good.
+ (Closes: #869354)
+
+ -- Michael Biebl <biebl@debian.org> Tue, 02 Jan 2018 00:35:14 +0100
+
+systemd (236-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/upstream: Only show ≥ warning in journal dumps.
+ Showing the entire debug log is too hard to scan visually, and most of
+ the time the warnings and errors are sufficient to explain a failure.
+ Put the journal files into the artifacts though, in case the debug
+ information is necessary.
+
+ [ Michael Biebl ]
+ * New upstream version 236
+ - nspawn: Adjust path to static resolv.conf to support split usr.
+ (Closes: #881310)
+ - networkd: Don't stop networkd if CONFIG_FIB_RULES=n in kernel.
+ (Closes: #881823)
+ - core: Fix segfault in compile_bind_mounts() when BindPaths= or
+ BindReadOnlyPaths= is set. (Closes: #883380)
+ - meson: Link NSS modules with -z nodelete to fix memory leak in
+ nss-systemd. (Closes: #883407)
+ - logind: Make sure we don't acces m->action_what if it's not initialized.
+ (Closes: #882270)
+ - systemctl: Ignore shutdown's "-t" argument. (Closes: #882245)
+ - core: Be more defensive if we can't determine per-connection socket
+ peer. (Closes: #879603)
+ - bpf-firewall: Actually invoke BPF_PROG_ATTACH to check whether
+ cgroup/bpf is available. (Closes: #878965)
+ * Rebase patches
+ * Update symbols file for libsystemd0
+ * Bump Standards-Version to 4.1.2
+ * Clean up old /var/lib/systemd/clock on upgrade.
+ The clock file used by systemd-timesyncd is now stored in
+ StateDirectory=systemd/timesync. (Closes: #883605)
+ * Stop creating systemd-timesync system user.
+ DynamicUser=yes has been enabled for systemd-timesyncd.service so
+ allocating a system user statically is no longer necessary.
+ * Document removal of systemd-{timesync,journal-gateway,journal-upload} user.
+ We no longer create those system users as the corresponding services now
+ use DynamicUser=yes. Removing those system users automatically is tricky,
+ as the relevant services might be running during upgrade. Add a NEWS
+ entry instead which documents this change.
+ * Revert "udev-rules: Permission changes for /dev/dri/renderD*"
+ This would introduce a new system group "render". As the name is rather
+ generic, this needs further discussion first, so revert this change for
+ now.
+
+ -- Michael Biebl <biebl@debian.org> Sun, 17 Dec 2017 21:45:51 +0100
+
+systemd (235-3) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Switch from XC-Package-Type to Package-Type. As of dpkg-dev 1.15.7
+ Package-Type is recognized as an official field name.
+ * Install modprobe configuration file to /lib/modprobe.d.
+ Otherwise it is not read by kmod. (Closes: #879191)
+
+ [ Felipe Sateler ]
+ * Backport upstream (partial) fix for combined DynamicUser= + User=
+ UID was not allowed to be different to GID, which is normally the case in
+ debian, due to the group users being allocated the GID 100 without an
+ equivalent UID 100 being allocated.
+ * Backport upstream patches to fully make DynamicUser=yes + static,
+ pre-existing User= work.
+
+ [ Martin Pitt ]
+ * Add missing python3-minimal dependency to systemd-tests
+ * Drop long-obsolete systemd-bus-proxy system user
+ systemd-bus-proxy hasn't been shipped since before stretch and never
+ created any files. Thus clean up the obsolete system user on upgrades.
+ (Closes: #878182)
+ * Drop static systemd-journal-gateway system user
+ systemd-journal-gatewayd.service now uses DynamicUser=, so we don't need
+ to create this statically any more. Don't remove the user on upgrades
+ though, as there is likely still be a running process. (Closes: #878183)
+ * Use DynamicUser= for systemd-journal-upload.service.
+ * Add Recommends: libnss-systemd to systemd-sysv.
+ This is useful to actually be able to resolve dynamically created system
+ users with DynamicUser=true. This concept is going to be used much more
+ in future versions and (hopefully) third-party .services, so pulling it
+ into the default installation seems prudent now.
+ * resolved: Fix loop on packets with pseudo dns types.
+ (CVE-2017-15908, Closes: #880026, LP: #1725351)
+ * bpf-firewall: Properly handle kernels without BPF cgroup but with TRIE maps.
+ Fixes "Detaching egress BPF: Invalid argument" log spam. (Closes: #878965)
+ * Fix MemoryDenyWriteExecution= bypass with pkey_mprotect() (LP: #1725348)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 15 Nov 2017 09:34:00 +0100
+
+systemd (235-2) unstable; urgency=medium
+
+ * Revert "tests: when running a manager object in a test, migrate to private
+ cgroup subroot first"
+ This was causing test suite failures when running inside a chroot.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 11 Oct 2017 00:46:07 +0200
+
+systemd (235-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 235
+ - cryptsetup-generator: use remote-cryptsetup.target when _netdev is
+ present (Closes: #852534)
+ - tmpfiles: change btmp mode 0600 → 0660 (Closes: #870638)
+ - networkd: For IPv6 addresses do not treat IFA_F_DEPRECATED as not ready
+ (Closes: #869995)
+ - exec-util,conf-files: skip non-executable files in execute_directories()
+ (Closes: #867902)
+ - man: update udevadm -y/--sysname-match documentation (Closes: #865081)
+ - tmpfiles: silently ignore any path that passes through autofs
+ (Closes: #805553)
+ - shared: end string with % if one was found at the end of a expandible
+ string (Closes: #865450)
+ * Refresh patches
+ * Bump Build-Depends on libmount-dev to (>= 2.30)
+ * Install new modprobe.d config file
+ * Bump Standards-Version to 4.1.1
+
+ [ Martin Pitt ]
+ * Merge logind-kill-off autopkgtest into logind test.
+ This was horribly inefficient as a separate test (from commit
+ 6bd0dab41e), as that cost two VM resets plus accompanying boots; and
+ this does not change any state thus does not require this kind of
+ isolation.
+
+ -- Michael Biebl <biebl@debian.org> Tue, 10 Oct 2017 18:29:28 +0200
+
+systemd (234-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Various fixes for the upstream autopkgtest.
+
+ [ Felipe Sateler ]
+ * Add fdisk to the dependencies of the upstream autopkgtest.
+ The upstream autopkgtest uses sfdisk, which is now in the non-essential
+ fdisk package. (Closes: #872119)
+ * Disable nss-systemd on udeb builds
+ * Correctly disable resolved on udeb builds
+ * Help fix collisions in libsystemd-shared symbols by versioning them.
+ Backport upstream patch to version the symbols provided in the private
+ library, so that they cannot confuse unversioned pam modules or libraries
+ linked into them. (Closes: #873708)
+
+ [ Dimitri John Ledkov ]
+ * Cherrypick upstream networkd-test.py assertion/check fixes.
+ This resolves ADT test suite failures, when running tests under lxc/lxd
+ providers.
+ * Cherrypick arm* seccomp fixes.
+ This should resolve ADT test failures, on arm64, when running as root.
+ * Disable KillUserProcesses, yet again, with meson this time.
+ * initramfs-tools: trigger udevadm add actions with subsystems first.
+ This updates the initramfs-tools init-top udev script to trigger udevadm
+ actions with type specified. This mimics the systemd-udev-trigger.service.
+ Without type specified only devices are triggered, but triggering
+ subsystems may also be required and should happen before triggering the
+ devices. This is the case for example on s390x with zdev generated udev
+ rules. (LP: #1713536)
+
+ [ Michael Biebl ]
+ * (Re)add --quiet flag to addgroup calls.
+ This is now safe with adduser having been fixed to no longer suppress
+ fatal error messages if --quiet is used. (Closes: #837871)
+ * Switch back to default GCC (Closes: #873661)
+ * Drop systemd-timesyncd.service.d/disable-with-time-daemon.conf.
+ All major NTP implementations ship a native service file nowadays with a
+ Conflicts=systemd-timesyncd.service so this drop-in is no longer
+ necessary. (Closes: #873185)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 04 Sep 2017 00:17:00 +0200
+
+systemd (234-2.3) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Also switch to g++-6 temporarily (needed for some tests):
+ - Add g++-6 to Build-Depends
+ - Export CXX = g++-6
+
+ -- Cyril Brulebois <kibi@debian.org> Thu, 24 Aug 2017 02:40:53 +0200
+
+systemd (234-2.2) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Switch to gcc-6 on all architectures, working around an FTBFS on mips64el,
+ apparently due to a gcc-7 bug (See: #871514):
+ - Add gcc-6 to Build-Depends in debian/control
+ - Export CC = gcc-6 in debian/rules
+
+ -- Cyril Brulebois <kibi@debian.org> Wed, 23 Aug 2017 22:53:09 +0000
+
+systemd (234-2.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Fix missing 60-input-id.rules in udev-udeb, which breaks the graphical
+ version of the Debian Installer, as no key presses or mouse events get
+ processed (Closes: #872598).
+
+ -- Cyril Brulebois <kibi@debian.org> Wed, 23 Aug 2017 20:41:33 +0200
+
+systemd (234-2) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * udev README.Debian: Fix name of example *.link file
+
+ [ Felipe Sateler ]
+ * test-condition: Don't assume that all non-root users are normal users.
+ Automated builders may run under a dedicated system user, and this test
+ would fail that.
+
+ [ Michael Biebl ]
+ * Revert "units: Tell login to preserve environment"
+ Environment=LANG= LANGUAGE= LC_CTYPE= ... as used in the getty units is
+ not unsetting the variables but instead sets it to an empty var. Passing
+ that environment to login messes up the system locale settings and
+ breaks programs like gpg-agent.
+ (Closes: #868695)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 20 Jul 2017 15:13:42 +0200
+
+systemd (234-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 234
+ - tmpfiles: Create /var/log/lastlog if it does not exist.
+ (Closes: #866313)
+ - network: Bridge vlan without PVID. (Closes: #859941)
+ * Rebase patches
+ * Switch build system from autotools to meson.
+ Update the Build-Depends accordingly.
+ * Update fsckd patch for meson
+ * udev autopkgtest: no longer install test-udev binary manually.
+ This is now done by the upstream build system.
+ * Update symbols file for libsystemd0
+ * Update lintian override for systemd-tests.
+ Upstream now installs manual and unsafe tests in subdirectories of
+ /usr/lib/systemd/tests/, so ignore those as well.
+ * Bump Standards-Version to 4.0.0
+ * Change priority of libnss-* packages from extra to optional.
+ * Use UTF-8 locale when building the package.
+ Otherwise meson will be pretty unhappy when trying to process files with
+ unicode characters. Use C.UTF-8 as this locale is pretty much guaranteed
+ to be available everywhere.
+ * Mark test-timesync as manual.
+ The test tries to setup inotify watches for /run/systemd/netif/links
+ which fails in a buildd environment where systemd is not active.
+ * Do not link udev against libsystemd-shared.
+ We ship udev in a separate binary package, so can't use
+ libsystemd-shared, which is part of the systemd binary package.
+ * Avoid requiring a "kvm" system group.
+ This group is not universally available and as a result generates a
+ warning during boot. As kvm is only really useful if the qemu package is
+ installed and this package already takes care of setting up the proper
+ permissions for /dev/kvm, drop this rule from 50-udev-default.rules.
+
+ [ Martin Pitt ]
+ * udev README.Debian: Update transitional rules and mention *.link files.
+ - 01-mac-for-usb.link got replaced with 73-usb-net-by-mac.rules
+ - /etc/systemd/network/50-virtio-kernel-names.link is an upgrade
+ transition for VMs with virtio
+ - Describe *.link files as a simpler/less error prone (but also less
+ flexible) way of customizing interface names. (Closes: #868002)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 13 Jul 2017 17:38:28 +0200
+
+systemd (233-10) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Adjust var-lib-machines.mount target.
+ Upstream PR #6095 changed the location to
+ {remote-fs,machines}.target.wants, so just install all available ones.
+
+ [ Dimitri John Ledkov ]
+ * Fix out-of-bounds write in systemd-resolved.
+ CVE-2017-9445 (Closes: #866147, LP: #1695546)
+
+ [ Michael Biebl ]
+ * Be truly quiet in systemctl -q is-enabled (Closes: #866579)
+ * Improve RLIMIT_NOFILE handling.
+ Use /proc/sys/fs/nr_open to find the current limit of open files
+ compiled into the kernel instead of using a hard-coded value of 65536
+ for RLIMIT_NOFILE. (Closes: #865449)
+
+ [ Nicolas Braud-Santoni ]
+ * debian/extra/rules: Use updated U2F ruleset.
+ This ruleset comes from Yubico's libu2f-host. (Closes: #824532)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 03 Jul 2017 18:51:58 +0200
+
+systemd (233-9) unstable; urgency=medium
+
+ * hwdb: Use path_join() to generate the hwdb_bin path.
+ This ensures /lib/udev/hwdb.bin gets the correct SELinux context. Having
+ double slashes in the path makes selabel_lookup_raw() return the wrong
+ context. (Closes: #851933)
+ * Drop no longer needed Breaks against usb-modeswitch
+ * Drop Breaks for packages shipping rcS init scripts.
+ This transition was completed in stretch.
+
+ -- Michael Biebl <biebl@debian.org> Mon, 19 Jun 2017 15:10:14 +0200
+
+systemd (233-8) experimental; urgency=medium
+
+ * Bump debhelper compatibility level to 10
+ * Drop versioned Build-Depends on dpkg-dev.
+ It's no longer necessary as even Jessie ships a new enough version.
+ * timesyncd: don't use compiled-in list if FallbackNTP has been configured
+ explicitly (Closes: #861769)
+ * resolved: fix null pointer p->question dereferencing.
+ This fixes a bug which allowed a remote DoS (daemon crash) via a crafted
+ DNS response with an empty question section.
+ Fixes: CVE-2017-9217 (Closes: #863277)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 29 May 2017 14:12:08 +0200
+
+systemd (233-7) experimental; urgency=medium
+
+ [ Michael Biebl ]
+ * basic/journal-importer: Fix unaligned access in get_data_size()
+ (Closes: #862062)
+ * ima: Ensure policy exists before asking the kernel to load it
+ (Closes: #863111)
+ * Add Depends: procps to systemd.
+ It's required by /usr/lib/systemd/user/systemd-exit.service which calls
+ /bin/kill to stop the systemd --user instance. (Closes: #862292)
+ * service: Serialize information about currently executing command
+ (Closes: #861157)
+ * seccomp: Add clone syscall definitions for mips (Closes: #861171)
+
+ [ Dimitri John Ledkov ]
+ * ubuntu: disable dnssec on any ubuntu releases (LP: #1690605)
+
+ [ Felipe Sateler ]
+ * Specify nobody user and group.
+ Otherwise nss-systemd will translate to group 'nobody', which doesn't
+ exist on debian systems.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 24 May 2017 12:26:18 +0200
+
+systemd (233-6) experimental; urgency=medium
+
+ [ Felipe Sateler ]
+ * Backport upstream PR #5531.
+ This delays opening the mdns and llmnr sockets until a network has enabled
+ them. This silences annoying messages when networkd receives such packets
+ without expecting them: Got mDNS UDP packet on unknown scope.
+
+ [ Martin Pitt ]
+ * resolved: Disable DNSSEC by default on stretch and zesty.
+ Both Debian stretch and Ubuntu zesty are close to releasing, switch to
+ DNSSEC=off by default for those. Users can still turn it back on with
+ DNSSEC=allow-downgrade (or even "yes").
+
+ [ Michael Biebl ]
+ * Add Conflicts against hal.
+ Since v183, udev no longer supports RUN+="socket:". This feature is
+ still used by hal, but now generates vast amounts of errors in the
+ journal. Thus force the removal of hal by adding a Conflicts to the udev
+ package. This is safe, as hal is long dead and no longer useful.
+ * Drop systemd-ui Suggests
+ systemd-ui is unmaintained upstream and not particularly useful anymore.
+ * journal: fix up syslog facility when forwarding native messages.
+ Native journal messages (_TRANSPORT=journal) typically don't have a
+ syslog facility attached to it. As a result when forwarding the
+ messages to syslog they ended up with facility 0 (LOG_KERN).
+ Apply syslog_fixup_facility() so we use LOG_USER instead.
+ (Closes: #837893)
+ * Split upstream tests into systemd-tests binary package (Closes: #859152)
+ * Get PACKAGE_VERSION from config.h.
+ This also works with meson and is not autotools specific.
+
+ [ Sjoerd Simons ]
+ * init-functions Only call daemon-reload when planning to redirect
+ systemctl daemon-reload is a quite a heavy operation, it will re-parse
+ all configuration and re-run all generators. This should only be done
+ when strictly needed. (Closes: #861158)
+
+ -- Michael Biebl <biebl@debian.org> Fri, 28 Apr 2017 21:47:14 +0200
+
+systemd (233-5) experimental; urgency=medium
+
+ * Do not throw a warning in emergency and rescue mode if plymouth is not
+ installed.
+ Ideally, plymouth should only be referenced via dependencies, not
+ ExecStartPre. This at least avoids the confusing error message on
+ minimal installations that do not carry plymouth.
+ * rules: Allow SPARC vdisk devices when identifying CD drives
+ (Closes: #858014)
+
+ -- Michael Biebl <biebl@debian.org> Tue, 21 Mar 2017 21:00:08 +0100
+
+systemd (233-4) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * udev autopkgtest: Drop obsolete sys.tar.xz fallback.
+ This was only necessary for supporting 232 as well.
+ * root-unittest: Drop obsolete FIXME comment.
+ * Add libpolkit-gobject-1-dev build dep for polkit version detection.
+ * Move systemd.link(5) to udev package.
+ .link files are being handled by udev, so it should ship the
+ corresponding manpage. Bump Breaks/Replaces accordingly. (Closes: #857270)
+
+ [ Michael Biebl ]
+ * Restart journald on upgrades (Closes: #851438)
+ * Avoid strict DM API versioning.
+ Compiling against the dm-ioctl.h header as provided by the Linux kernel
+ will embed the DM interface version number. Running an older kernel can
+ lead to errors on shutdown when trying to detach DM devices.
+ As a workaround, build against a local copy of dm-ioctl.h based on 3.13,
+ which is the minimum required version to support DM_DEFERRED_REMOVE.
+ (Closes: #856337)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 16 Mar 2017 18:40:16 +0100
+
+systemd (233-3) experimental; urgency=medium
+
+ [ Michael Biebl ]
+ * Install D-Bus policy files in /usr
+ * Drop no longer needed maintainer scripts migration code and simplify
+ various version checks
+ * Fix location of installed tests
+ * Override package-name-doesnt-match-sonames lintian warning for libnss-*
+ * Don't ship any symlinks in /etc/systemd/system.
+ Those should be created dynamically via "systemctl enable".
+
+ [ Martin Pitt ]
+ * root-unittests autopkgtest: Skip test-udev.
+ It has its own autopkgtest and needs some special preparation. At some
+ point that should be merged into root-unittests, but let's quickfix this
+ to unbreak upstream CI.
+
+ -- Michael Biebl <biebl@debian.org> Fri, 03 Mar 2017 19:49:44 +0100
+
+systemd (233-2) experimental; urgency=medium
+
+ * test: skip instead of fail if crypto kmods are not available.
+ The Debian buildds have module loading disabled, thus AF_ALG sockets are
+ not available during build. Skip the tests that cover those (khash and
+ id128) instead of failing them in this case.
+ https://github.com/systemd/systemd/issues/5524
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 03 Mar 2017 11:51:25 +0100
+
+systemd (233-1) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release 233:
+ - udev: Remove /run/udev/control on stop to avoid sendsigs to kill
+ udevd. (Closes: #791944)
+ - nspawn: Handle container directory symlinks. (Closes: #805785)
+ - Fix mount units to not become "active" when NFS mounts time out.
+ (Closes: #835810)
+ - hwdb: Rework path/priority comparison when loading files from /etc/
+ vs. /lib. (Closes: #845442)
+ - machinectl: Fix "list" command when failing to determine OS version.
+ (Closes: #849316)
+ - Support tilegx architecture. (Closes: #856306)
+ - systemd-sleep(8): Point out inhibitor interface as better alternative
+ for suspend integration. (Closes: #758279)
+ - journalctl: Improve error message wording when specifying boot
+ offset with ephemeral journal. (Closes: #839291)
+ * Install new systemd-umount and /usr/lib/environment.d/
+ * Use "make install-tests" for shipped unit tests
+ * Switch back to gold linker on mips*
+ Bug #851736 got fixed now.
+ * debian/rules: Drop obsolete SETCAP path
+
+ [ Michael Biebl ]
+ * Drop upstart jobs for udev
+ * Drop /sbin/udevadm compat symlink from udev-udeb and initramfs
+ * Drop Breaks and Replaces from pre-jessie
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 02 Mar 2017 17:10:09 +0100
+
+systemd (232-19) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/README.source: Update patch and changelog handling to current
+ reality.
+ * root-unittests autopkgtest: Blacklist test-journal-importer.
+ This got added in a recent PR, but running this requires using "make
+ install-tests" which hasn't landed yet.
+ * fsckd: Fix format specifiers on 32 bit architectures.
+ * resolved: Fix NSEC proofs for missing TLDs (Closes: #855479)
+ * boot-and-services autopkgtest: Skip CgroupsTest on unified hierarchy.
+ * boot-smoke autopkgtest: Run in containers, too.
+ * logind autopkgtest: Adjust to work in containers.
+
+ [ Dimitri John Ledkov ]
+ * Fix resolved failing to follow CNAMES for DNS stub replies (LP: #1647031)
+ * Fix emitting change signals with a sessions property in logind
+ (LP: #1661568)
+
+ [ Michael Biebl ]
+ * If an automount unit is masked, don't react to activation anymore.
+ Otherwise we'll hit an assert sooner or later. (Closes: #856035)
+
+ [ Felipe Sateler ]
+ * resolved: add the new KSK to the built-in resolved trust anchor.
+ The old root key will be discarded in early 2018, so get this into
+ stretch.
+ * Backport some zsh completion fixes from upstream (Closes: #847203)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 02 Mar 2017 09:21:12 +0100
+
+systemd (232-18) unstable; urgency=medium
+
+ * udev autopkgtest: Adjust to script-based test /sys creation.
+ PR #5250 changes from the static sys.tar.xz to creating the test /sys
+ directory with a script. Get along with both cases until 233 gets
+ released and packaged.
+ * systemd-resolved.service.d/resolvconf.conf: Don't fail if resolvconf is
+ not installed. ReadWritePaths= fails by default if the referenced
+ directory does not exist. This happens if resolvconf is not installed, so
+ use '-' to ignore the absence. (Closes: #854814)
+ * Fix two more seccomp issues.
+ * Permit seeing process list of units whose unit files are missing.
+ * Fix systemctl --user enable/disable without $XDG_RUNTIME_DIR being set.
+ (Closes: #855050)
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 13 Feb 2017 17:36:12 +0100
+
+systemd (232-17) unstable; urgency=medium
+
+ * Add libcap2-bin build dependency for tests. This will make
+ test_exec_capabilityboundingset() actually run. (Closes: #854394)
+ * Add iproute2 build dependency for tests. This will make
+ test_exec_privatenetwork() actually run; it skips if "ip" is not present.
+ (Closes: #854396)
+ * autopkgtest: Run all upstream unit tests as root.
+ Ship all upstream unit tests in libsystemd-dev, and run them all as root
+ in autopkgtest. (Closes: #854392) This also fixes the FTBFS on non-seccomp
+ architectures.
+ * systemd-resolved.service.d/resolvconf.conf: Allow writing to
+ /run/resolvconf. Upstream PR #5283 will introduce permission restrictions
+ for systemd-resolved.service, including the lockdown to writing
+ /run/systemd/. This will then cause the resolvconf call in our drop-in to
+ fail as that needs to write to /run/resolvconf/. Add this to
+ ReadWritePaths=. (This is a no-op with the current unrestricted unit).
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 10 Feb 2017 11:52:46 +0100
+
+systemd (232-16) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Add autopkgtest for test-seccomp
+ * udev: Fix by-id symlinks for devices whose IDs contain whitespace
+ (Closes: #851164, LP: #1647485)
+ * Add lintian overrides for binary-or-shlib-defines-rpath on shipped test
+ programs. This is apparently a new lintian warning on which uploads get
+ rejected. These are only test programs, not in $PATH, and they need to
+ link against systemd's internal library.
+
+ [ Michael Biebl ]
+ * Fix seccomp filtering. (Closes: #852811)
+ * Do not crash on daemon-reexec when /run is full (Closes: #850074)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 09 Feb 2017 16:22:43 +0100
+
+systemd (232-15) unstable; urgency=medium
+
+ * Add missing Build-Depends on tzdata.
+ It is required to successfully run the test suite. (Closes: #852883)
+ * Bump systemd Breaks to ensure it is upgraded in lockstep with udev.
+ The sandboxing features used by systemd-udevd.service require systemd
+ (>= 232-11). (Closes: #853078)
+ * Bump priority of libpam-systemd to standard.
+ This reflects the changes that have been made in the archive a while
+ ago. See #803184
+
+ -- Michael Biebl <biebl@debian.org> Wed, 01 Feb 2017 22:45:35 +0100
+
+systemd (232-14) unstable; urgency=medium
+
+ * Deal with NULL pointers more gracefully in unit_free() (Closes: #852202)
+ * Fix issues in journald during startup
+
+ -- Michael Biebl <biebl@debian.org> Mon, 23 Jan 2017 14:52:46 +0100
+
+systemd (232-13) unstable; urgency=medium
+
+ * Re-add versioned Conflicts/Replaces against upstart.
+ In Debian the upstart package was never split into upstart and
+ upstart-sysv, so we need to keep that for switching from upstart to
+ systemd-sysv. (Closes: #852156)
+ * Update Vcs-* according to the latest recommendation
+ * Update Homepage and the URLs in debian/copyright to use https
+
+ -- Michael Biebl <biebl@debian.org> Sun, 22 Jan 2017 08:19:28 +0100
+
+systemd (232-12) unstable; urgency=medium
+
+ * Fix build if seccomp support is disabled
+ * Enable seccomp support on ppc64
+
+ -- Michael Biebl <biebl@debian.org> Wed, 18 Jan 2017 19:43:51 +0100
+
+systemd (232-11) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Fix RestrictAddressFamilies=
+ Backport upstream fix for setting up seccomp filters to fix
+ RestrictAddressFamilies= on non-amd64 architectures. Drop the hack from
+ debian/rules to remove this property from unit files.
+ See #843160
+ * Use local machine-id for running tests during package build.
+ Since "init" and thus "systemd" are not part of debootstrap any more,
+ some buildd chroots don't have an /etc/machine-id any more. Port the old
+ Add-env-variable-for-machine-ID-path.patch to the current code, use a
+ local machine-id again, and always make test suite failures fatal.
+ (Closes: #851445)
+
+ [ Michael Biebl ]
+ * gpt-auto-generator: support LUKS encrypted root partitions
+ (Closes: #851475)
+ * Switch to bfd linker on mips*
+ The gold linker is currently producing broken libraries on mips*
+ resulting in segfaults for users of libsystemd. Switch to bfd until
+ binutils has been fixed. (Closes: #851412)
+ * Revert "core: turn on specifier expansion for more unit file settings"
+ The expansion of the % character broke the fstab-generator and
+ specifying the tmpfs size as percentage of physical RAM resulted in the
+ size being set to 4k. (Closes: #851492)
+ * Drop obsolete Conflicts, Breaks and Replaces
+ * Require systemd-shim version which supports v232.
+ See #844785
+
+ [ Ondřej Nový ]
+ * Redirect try-restart in init-functions hook (Closes: #851688)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 18 Jan 2017 12:38:54 +0100
+
+systemd (232-10) unstable; urgency=medium
+
+ * Add NULL sentinel to strjoin.
+ We haven't cherry-picked upstream commit 605405c6c which introduced a
+ strjoin macro that adds the NULL sentinel automatically so we need to do
+ it manually. (Closes: #851210)
+
+ -- Michael Biebl <biebl@debian.org> Fri, 13 Jan 2017 05:08:55 +0100
+
+systemd (232-9) unstable; urgency=medium
+
+ * Use --disable-wheel-group configure switch.
+ Instead of mangling the tmpfiles via sed to remove the wheel group, use
+ the configure switch which was added upstream in v230.
+ See https://github.com/systemd/systemd/issues/2492
+ * Update debian/copyright.
+ Bob Jenkins released the lookup3.[ch] files as public domain which means
+ there is no copyright holder.
+ * Drop fallback for older reportbug versions when attaching files
+ * debian/extra/init-functions.d/40-systemd: Stop checking for init env var.
+ This env variable is no longer set when systemd executes a service so
+ it's pointless to check for it.
+ * debian/extra/init-functions.d/40-systemd: Stop setting
+ _SYSTEMCTL_SKIP_REDIRECT=true.
+ It seems we don't actually need it to detect recursive loops (PPID is
+ sufficient) and by exporting it we leak _SYSTEMCTL_SKIP_REDIRECT into
+ the runtime environment of the service. (Closes: #802018)
+ * debian/extra/init-functions.d/40-systemd: Rename _SYSTEMCTL_SKIP_REDIRECT.
+ Rename _SYSTEMCTL_SKIP_REDIRECT to SYSTEMCTL_SKIP_REDIRECT to be more
+ consistent with other environment variables which are used internally by
+ systemd, like SYSTEMCTL_SKIP_SYSV.
+ * Various specifier resolution fixes.
+ Turn on specifier expansion for more unit file settings.
+ See https://github.com/systemd/systemd/pull/4835 (Closes: #781730)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 12 Jan 2017 16:59:22 +0100
+
+systemd (232-8) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Drop systemd dependency from libnss-myhostname again.
+ This NSS module is completely independent from systemd, unlike the other
+ three.
+ * Install 71-seat.rules into the initrd.
+ This helps plymouth to detect applicable devices. (Closes: #756109)
+ * networkd: Fix crash when setting routes.
+ * resolved: Drop removal of resolvconf entry on stop.
+ This leads to timeouts on shutdown via the resolvconf hooks and does not
+ actually help much -- /etc/resolv.conf would then just be empty instead of
+ having a nonexisting 127.0.0.53 nameserver, so manually stopping resolved
+ in a running system is broken either way. (LP: #1648068)
+ * Keep RestrictAddressFamilies on amd64.
+ This option and libseccomp currently work on amd64 at least, so let's make
+ sure it does not break there as well, and benefit from the additional
+ protection at least on this architecture.
+ * Explicitly set D-Bus policy dir.
+ This is about to change upstream in
+ https://github.com/systemd/systemd/pull/4892, but as explained in commit
+ 2edb1e16fb12f4 we need to keep the policies in /etc/ until stretch+1.
+
+ [ Michael Biebl ]
+ * doc: Clarify NoNewPrivileges in systemd.exec(5). (Closes: #756604)
+ * core: Rework logic to determine when we decide to add automatic deps for
+ mounts. This adds a concept of "extrinsic" mounts. If mounts are
+ extrinsic we consider them managed by something else and do not add
+ automatic ordering against umount.target, local-fs.target,
+ remote-fs.target. (Closes: #818978)
+ * rules: Add persistent links for nbd devices. (Closes: #837999)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 17 Dec 2016 01:54:18 +0100
+
+systemd (232-7) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Mark liblz4-tool build dependency as <!nocheck>
+ * udev: Try mount -n -o move first
+ initramfs-tools is not actually using util-linux mount (yet), so making
+ mount -n --move the first alternative would trigger an error message if
+ users have built their initramfs without busybox support.
+
+ [ Alexander Kurtz ]
+ * debian/extra/kernel-install.d/85-initrd.install: Remove an unnecessary
+ variable. (Closes: #845977)
+
+ [ Martin Pitt ]
+ * Drop systemd-networkd's "After=dbus.service" ordering, so that it can
+ start during early boot (for cloud-init.service). It will auto-connect to
+ D-Bus once it becomes available later, and transient (from DHCP) hostname
+ and timezone setting do not currently work anyway. (LP: #1636912)
+ * Run hwdb/parse_hwdb.py during package build.
+ * Package libnss-systemd
+ * Make libnss-* depend on the same systemd package version.
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 30 Nov 2016 14:38:36 +0100
+
+systemd (232-6) unstable; urgency=medium
+
+ * Add policykit-1 test dependency for networkd-test.py.
+ * debian/rules: Don't destroy unit symlinks with sed -i.
+ Commit 21711e74 introduced a "sed -i" to remove RestrictAddressFamilies=
+ from units. This also caused unit symlinks to get turned into real files,
+ causing D-Bus activated services like timedated to fail ("two units with
+ the same D-Bus name").
+ * Fall back to "mount -o move" in udev initramfs script
+ klibc's mount does not understand --move, so for the time being we need to
+ support both variants. (Closes: #845161)
+ * debian/README.Debian: Document how to generate a shutdown log.
+ Thanks ç©ä¸¹å°¼ Dan Jacobson. (Closes: #826297)
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 21 Nov 2016 10:39:57 +0100
+
+systemd (232-5) unstable; urgency=medium
+
+ * Add missing liblz4-tool build dependency.
+ Fixes test-compress failure during package build.
+ * systemd: Ship /var/lib.
+ This will soon contain a polkit pkla file.
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 20 Nov 2016 12:22:52 +0100
+
+systemd (232-4) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/unit-config: Query pkg-config for system unit dir.
+ This fixes confusion on merged-/usr systems where both /usr/lib/systemd and
+ /lib/systemd exist. It's actually useful to verify that systemd.pc says the
+ truth.
+ * debian/tests/upstream: Fix clobbering of merged-/usr symlinks
+ * debian/tests/systemd-fsckd: Create /etc/default/grub.d if necessary
+ * debian/rules: Drop check for linking to libs in /usr.
+ This was just an approximation, as booting without an initrd could still be
+ broken by library updates (e. g. #828991). With merged /usr now being the
+ default this is now completely moot.
+ * Move kernel-install initrd script to a later prefix.
+ 60- does not leave much room for scripts that want to run before initrd
+ building (which is usually one of the latest things to do), so bump to 85.
+ Thanks to Sjoerd Simons for the suggestion.
+ * Disable 99-default.link instead of the udev rule for disabling persistent
+ interface names.
+ Disabling 80-net-setup-link.rules will also cause ID_NET_DRIVER to not be
+ set any more, which breaks 80-container-ve.network and matching on driver
+ name in general. So disable the actual default link policy instead. Still
+ keep testing for 80-net-setup-link.rules in the upgrade fix and
+ 73-usb-net-by-mac.rules to keep the desired behaviour on systems which
+ already disabled ifnames via that udev rule.
+ See https://lists.freedesktop.org/archives/systemd-devel/2016-November/037805.html
+ * debian/tests/boot-and-services: Always run seccomp test
+ seccomp is now available on all architectures on which Debian and Ubuntu
+ run tests, so stop making this test silently skip if seccomp is disabled.
+ * Bump libseccomp build dependency as per configure.ac.
+ * Replace "Drop RestrictAddressFamilies=" patch with sed call.
+ With that it will also apply to upstream builds/CI, and it is structurally
+ simpler.
+ * Rebuild against libseccomp with fixed shlibs. (Closes: #844497)
+
+ [ Michael Biebl ]
+ * fstab-generator: add x-systemd.mount-timeout option. (Closes: #843989)
+ * build-sys: do not install ctrl-alt-del.target symlink twice.
+ (Closes: #844039)
+ * Enable lz4 support.
+ While the compression rate is not as good as XZ, it is much faster, so a
+ better default for the journal and especially systemd-coredump.
+ (Closes: #832010)
+
+ [ Felipe Sateler ]
+ * Enable machines.target by default. (Closes: #806787)
+
+ [ Evgeny Vereshchagin ]
+ * debian/tests/upstream: Print all journal files.
+ We don't print all journal files. This is misleading a bit:
+ https://github.com/systemd/systemd/pull/4331#issuecomment-252830790
+ https://github.com/systemd/systemd/pull/4395#discussion_r87948836
+
+ [ Luca Boccassi ]
+ * Use mount --move in initramfs-tools udev script.
+ Due to recent changes in busybox and initramfs-tools the mount
+ utility is no longer the one from busybox but from util-linux.
+ The latter does not support mount -o move.
+ The former supports both -o move and --move, so use it instead to be
+ compatible with both.
+ See this discussion for more details:
+ https://bugs.debian.org/823856 (Closes: #844775)
+
+ -- Michael Biebl <biebl@debian.org> Sun, 20 Nov 2016 03:34:58 +0100
+
+systemd (232-3) unstable; urgency=medium
+
+ [ Felipe Sateler ]
+ * Make systemd-delta less confused on merged-usr systems. (Closes: #843070)
+ * Fix wrong paths for /bin/mount when compiled on merged-usr system.
+ Then the build system finds /usr/bin/mount which won't exist on a
+ split-/usr system. Set the paths explicitly in debian/rules and drop
+ Use-different-default-paths-for-various-binaries.patch. (Closes: #843433)
+
+ [ Martin Pitt ]
+ * debian/tests/logind: Split out "pid in logind session" test
+ * debian/tests/logind: Adjust "in logind session" test for unified cgroup
+ hierarchy
+ * debian/tests/boot-and-services: Check common properties of CLI programs.
+ Verify that CLI programs have a sane behaviour and exit code when being
+ called with --help, --version, or an invalid option.
+ * nspawn: Fix exit code for --help and --version (Closes: #843544)
+ * core: Revert using the unified hierarchy for the systemd cgroup.
+ Too many things don't get along with it yet, like docker, LXC, or runc.
+ (Closes: #843509)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 09 Nov 2016 09:34:45 +0100
+
+systemd (232-2) unstable; urgency=medium
+
+ * Drop RestrictAddressFamilies from service files.
+ RestrictAddressFamilies= is broken on 32bit architectures and causes
+ various services to fail with a timeout, including
+ systemd-udevd.service.
+ While this might actually be a libseccomp issue, remove this option for
+ now until a proper solution is found. (Closes: #843160)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 05 Nov 2016 22:43:27 +0100
+
+systemd (232-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release 232:
+ - Fix "systemctl start" when ReadWriteDirectories is a symlink
+ (Closes: ##792187)
+ - Fix "journalctl --setup-keys" output (Closes: #839097)
+ - Run run sysctl service if /proc/sys/net is writable, for containers
+ (Closes: #840529)
+ - resolved: Add d.f.ip6.arpa to the DNSSEC default negative trust anchors
+ (Closes: #834453)
+ * debian/tests/logind: Copy the current on-disk unit instead of the
+ on-memory one.
+ * Build sd-boot on arm64. gnu-efi is available on arm64 now.
+ (Closes: #842617)
+ * Link test-seccomp against seccomp libs to fix FTBFS
+ * debian/rules: Remove nss-systemd (until we package it)
+ * Install new systemd-mount
+
+ [ Michael Biebl ]
+ * Install new journal-upload.conf man pages in systemd-journal-remote
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 04 Nov 2016 07:18:10 +0200
+
+systemd (231-10) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * systemctl: Add --wait option to wait until started units terminate again.
+ * nss-resolve: return NOTFOUND instead of UNAVAIL on resolution errors.
+ This makes it possible to configure a fallback to "dns" without breaking
+ DNSSEC, with "resolve [!UNAVAIL=return] dns".
+ * libnss-resolve.postinst: Skip dns fallback if resolve is present.
+ Only fall back to "dns" if nss-resolve is not installed (for the
+ architecture of the calling program). Once it is, we never want to fall
+ back to "dns" as that breaks enforcing DNSSEC verification and also
+ pointlessly retries NXDOMAIN failures. (LP: #1624071)
+ * unit: sent change signal before removing the unit if necessary
+ (LP: #1632964)
+ * networkd: Fix assertion crash on adding VTI with IPv6 addresses
+ (LP: #1633274)
+ * debian/tests/upstream: Stop specifying initrd, it is autodetected now.
+ * debian/tests/upstream: Add gcc/libc-dev/make test dependencies,
+ so that the tests can build helper binaries.
+
+ [ Felipe Sateler ]
+ * Explicitly disable installing the upstream-provided PAM configuration.
+ * Register interest in the status of dracut and initramfs-tools in reportbug
+ template
+
+ [ Michael Biebl ]
+ * Stop creating systemd-update-utmp-runlevel.service symlinks manually
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 26 Oct 2016 13:24:37 +0200
+
+systemd (231-9) unstable; urgency=medium
+
+ * pid1: process zero-length notification messages again.
+ Just remove the assertion, the "n" value was not used anyway. This fixes
+ a local DoS due to unprocessed/unclosed fds which got introduced by the
+ previous fix. (Closes: #839171) (LP: #1628687)
+ * pid1: Robustify manager_dispatch_notify_fd()
+ * test/networkd-test.py: Add missing writeConfig() helper function.
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 29 Sep 2016 23:39:24 +0200
+
+systemd (231-8) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Replace remaining systemctl --failed with --state=failed
+ "--failed" is deprecated in favor of --state.
+ * debian/shlibs.local.in: More precisely define version of internal shared
+ lib.
+ * debian/tests/upstream: Drop blacklisting
+ These tests now work fine without qemu.
+ * debian/tests/storage: Avoid rmmod scsi_debug (LP: #1626737)
+ * upstream build system: Install libudev, libsystemd, and nss modules to
+ ${rootlibdir}. Drop downstream workaround from debian/rules.
+ * Ubuntu: Disable resolved's DNSSEC for the final 16.10 release.
+ Resolved's DNSSEC support is still not mature enough, and upstream
+ recommends to disable it in stable distro releases still.
+ * Fix abort/DoS on zero-length notify message triggers (LP: #1628687)
+ * resolved: don't query domain-limited DNS servers for other domains
+ (LP: #1588230)
+
+ [ Antonio Ospite ]
+ * Update systemd-user pam config to require pam_limits.so.
+ (Closes: #838191)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 29 Sep 2016 13:40:21 +0200
+
+systemd (231-7) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * fsckd: Do not exit on idle timeout if there are still clients connected
+ (Closes: #788050, LP: #1547844)
+
+ [ Martin Pitt ]
+ * 73-usb-net-by-mac.rules: Split kernel command line import line.
+ Reportedly this makes the rule actually work on some platforms. Thanks Alp
+ Toker! (LP: #1593379)
+ * debian/tests/boot-smoke: Only run 5 iterations
+ * systemd.postinst: Drop obsolete setcap call for systemd-detect-virt.
+ Drop corresponding libcap2-bin dependency.
+ * debian/tests/systemd-fsckd: Robustify check for "unit was running"
+ (LP: #1624406)
+ * debian/extra/set-cpufreq: Use powersave with intel_pstate.
+ This is what we did on xenial, and apparently powersave is still actually
+ better than performance. Thanks to Doug Smythies for the measurements!
+ (LP: #1579278)
+ * Ubuntu: Move ondemand.service from static to runtime enablement.
+ This makes it easier to keep performance, by disabling ondemand.service.
+ Side issue in LP: #1579278
+ * Revert "networkd: remove route if carrier is lost"
+ This causes networkd to drop addresses from unmanaged interfaces in some
+ cases. (Closes: #837759)
+ * debian/tests/storage: Avoid stderr output of stopping systemd-cryptsetup@.service
+ * libnss-*.prerm: Remove possible [key=value] options from NSS modules as well.
+ (LP: #1625584)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 20 Sep 2016 15:03:06 +0200
+
+systemd (231-6) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Add alternative iptables-dev build dependencies
+ libiptc-dev is very new and not yet present in stable Debian/Ubuntu releases.
+ Add it as a fallback build dependency for backports and upstream tests.
+ * Detect if seccomp is enabled but seccomp filtering is disabled
+ (Closes: #832713)
+ * resolved: recognize DNS names with more than one trailing dot as invalid
+ (LP: #1600000)
+ * debian/tests/smoke: Store udev db dump artifact on failure
+ * networkd: limit the number of routes to the kernel limit
+ * systemctl: consider service running only when it is in active or reloading state
+ * networkd: remove route if carrier is lost
+ * Add Ref()/Unref() bus calls for units
+
+ [ Felipe Sateler ]
+ * git-cherry-pick: always recreate the patch-queue branch.
+
+ [ Dimitri John Ledkov ]
+ * Use idiomatic variables from dpkg include.
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 11 Sep 2016 15:00:55 +0200
+
+systemd (231-5) unstable; urgency=medium
+
+ [ Iain Lane ]
+ * Let graphical-session-pre.target be manually started (LP: #1615341)
+
+ [ Felipe Sateler ]
+ * Add basic version of git-cherry-pick
+ * Replace Revert-units-add-a-basic-SystemCallFilter-3471.patch with upstream
+ patch
+ * sysv-generator: better error reporting. (Closes: #830257)
+
+ [ Martin Pitt ]
+ * 73-usb-net-by-mac.rules: Test for disabling 80-net-setup-link.rules more
+ efficiently. Stop calling readlink at all and just test if
+ /etc/udev/rules.d/80-net-setup-link.rules exists -- a common way to
+ disable an udev rule is to just "touch" it in /etc/udev/rule.d/ (i. e.
+ empty file), and if the rule is customized we cannot really predict anyway
+ if the user wants MAC-based USB net names or not. (LP: #1615021)
+ * Ship kernel-install (Closes: #744301)
+ * Add debian/extra/kernel-install.d/60-initrd.install.
+ This kernel-install drop-in copies the initrd of the selected kernel to
+ the EFI partition.
+ * bootctl: Automatically detect ESP partition.
+ This makes bootctl work with Debian's /boot/efi/ mountpoint without having
+ to explicitly specify --path.
+ Patches cherry-picked from upstream master.
+ * systemd.NEWS: Point out that alternatively rcS scripts can be moved to
+ rc[2-5]. Thanks to Petter Reinholdtsen for the suggestion!
+
+ [ Michael Biebl ]
+ * Enable iptables support (Closes: #787480)
+ * Revert "logind: really handle *KeyIgnoreInhibited options in logind.conf"
+ The special 'key handling' inhibitors should always work regardless of
+ any *IgnoreInhibited settings – otherwise they're nearly useless.
+ Update man pages to clarify that *KeyIgnoreInhibited only apply to a
+ subset of locks (Closes: #834148)
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 26 Aug 2016 10:58:07 +0200
+
+systemd (231-4) unstable; urgency=medium
+
+ * Revert "pid1: reconnect to the console before being re-executed"
+ This unbreaks consoles after "daemon-reexec". (Closes: #834367)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 18 Aug 2016 07:03:13 +0200
+
+systemd (231-3) unstable; urgency=medium
+
+ * resolved resolvconf integration: Run resolvconf without privilege
+ restrictions. On some architectures (at least ppc64el), running resolvconf
+ does not work with MemoryDenyWriteExecute=yes. (LP: #1609740)
+ * Revert unit usage of MemoryDenyWriteExecute=yes. This is implemented
+ through seccomp as well. (Closes: #832713)
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 15 Aug 2016 09:58:09 +0200
+
+systemd (231-2) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/rules: Fix UPSTREAM_VERSION for upstream master builds
+ * Limit "link against /usr" check to some critical binaries only and add
+ generators
+ * debian/rules: Put back cleanup of *.busname (Closes: #833487)
+ * debian/tests/localed-x11-keymap: Robustify cleanup
+ * debian/tests/localed-x11-keymap: Check that localed works without
+ /etc/default/keyboard. This reproduces #833849.
+ * Revert "units: add a basic SystemCallFilter (#3471)"
+ This causes fatal failures on kernels that don't have seccomp enabled.
+ This can be reactivated once
+ https://github.com/systemd/systemd/issues/3882 is fixed.
+ (Closes: #832713, #832893)
+
+ [ Simon McVittie ]
+ * localed: tolerate absence of /etc/default/keyboard.
+ The debian-specific patch to read Debian config files was not tolerating
+ the absence of /etc/default/keyboard. This causes systemd-localed to
+ fail to start on systems where that file isn't populated (like embedded
+ systems without keyboards). (Closes: #833849)
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 14 Aug 2016 10:54:57 +0200
+
+systemd (231-1) unstable; urgency=low
+
+ [ Martin Pitt ]
+ * New upstream release 231:
+ - Fix "Failed to create directory /str/sys/fs/selinux: Read-only file
+ system" warning. (Closes: #830693)
+ * systemd.postinst: Remove systemd-networkd-resolvconf-update.path removal
+ leftover. (Closes: #830778)
+ * Drop support for rcS.d SysV init scripts.
+ These are prone to cause dependency loops, and almost all packages with
+ rcS scripts now ship a native systemd service.
+ * networkd: Handle router advertisements in userspace again.
+ Drop Revert-Revert-networkd-ndisc-revert-to-letting-the-k.patch.
+ Bug #814566/#815586 got fixed in 230, and #815884 and #815884 and #815793
+ are unreproducible and need more reporter feedback.
+ * debian/gbp.conf: Enable dch options "full" and "multimaint-merge"
+ * systemd-sysv: Add Conflicts: systemd-shim.
+ To avoid shim trying to claim the D-Bus interfaces.
+ * Add graphical-session.target user unit.
+ * Add graphical-session-pre.target user unit
+ * Add debian/extra/units-ubuntu/user@.service.d/timeout.conf.
+ This avoids long hangs during shutdown if user services fail/hang due to
+ X.org going away too early. This is mostly a workaround, so only install
+ for Ubuntu for now.
+ * Dynamically add upstream version to debian/shlibs.local
+ * Set Debian/Ubuntu downstream support URL in journal catalogs
+ (Closes: #769187)
+
+ [ Michael Biebl ]
+ * Restrict Conflicts: openrc to << 0.20.4-2.1.
+ Newer versions of openrc no longer ship conflicting implementations of
+ update-rc.d/invoke-rc.d.
+ * Add Depends: dbus to systemd-container.
+ This is required for systemd-machined and systemd-nspawn to work
+ properly. (Closes: #830575)
+ * Drop insserv.conf generator.
+ We no longer parse /etc/insserv.conf and /etc/insserv.conf.d/* and
+ augment services with that dependency information via runtime drop-in
+ files. Services which want to provide certain system facilities need to
+ pull in the corresponding targets themselves. Either directly in the
+ native service unit or by shipping a drop-in snippet for SysV init
+ scripts. (Closes: #825858)
+ * getty-static.service: Only start if we have a working VC subsystem.
+ Use ConditionPathExists=/dev/tty0, the same check as in getty@.service,
+ to determine whether we have a functional VC subsystem and we should
+ start any gettys. (Closes: #824779)
+ * Stop mentioning snapshot and restore in the package description.
+ Support for the .snapshot unit type has been removed upstream.
+ * Drop sigpwr-container-shutdown.service.
+ This is no longer necessary as lxc-stop has been fixed to use SIGRTMIN+3
+ to shut down systemd based LXC containers.
+ https://github.com/lxc/lxc/pull/1086
+ https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/
+
+ [ Felipe Sateler ]
+ * Add versioned breaks for packages shipping rcS init scripts
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 26 Jul 2016 12:17:14 +0200
+
+systemd (230-7) unstable; urgency=medium
+
+ * Tell dh_shlibdeps to look in the systemd package for libraries. Otherwise
+ dpkg-shlibdeps fails to find libsystemd-shared as we no longer create a
+ shlibs file for it.
+ * Add Build-Depends-Package to libudev1.symbols and libsystemd0.symbols.
+ This ensures proper dependencies when a package has a Build-Depends on a
+ higher version of libudev-dev or libsystemd-dev then what it gets from the
+ used symbols.
+
+ -- Michael Biebl <biebl@debian.org> Fri, 08 Jul 2016 13:04:33 +0200
+
+systemd (230-6) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/boot-smoke: Stop running in containers again, too unreliable
+ on Ubuntu s390x right now.
+
+ [ Michael Biebl ]
+ * Bump Build-Depends on debhelper to (>= 9.20160114), required for
+ --dbgsym-migration support.
+ * Install test-udev binary into $libdir/udev/ not $libdir. Only libraries
+ should be installed directly into $libdir.
+ * Exclude libsystemd-shared from dh_makeshlibs.
+
+ [ Felipe Sateler ]
+ * Do not install libsystemd-shared.so symlink
+ * {machine,system}ctl: always pass &changes and &n_changes (Closes: #830144)
+
+ [ Michael Prokop ]
+ * debian/tests/logind: Ensure correct version of logind is running.
+
+ -- Michael Biebl <biebl@debian.org> Thu, 07 Jul 2016 15:22:16 +0200
+
+systemd (230-5) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Sync test/networkd-test.py with current upstream master, and remove our
+ debian/tests/networkd copy. Directly run test/networkd-test.py in
+ autopkgtest.
+ * debian/extra/rules/73-usb-net-by-mac.rules: Disable when
+ /etc/udev/rules.d/80-net-setup-link.rules is a symlink to /dev/null, to be
+ consistent with the documented way to disable ifnames. (Closes: #824491,
+ LP: #1593379)
+ * debian/rules: Ignore libcap-ng.so in the "does anything link against /usr"
+ check, to work around libaudit1 recently gaining a new dependency against
+ that library (#828991). We have no influence on that ourselves. This fixes
+ the FTBFS in the meantime.
+
+ [ Felipe Sateler ]
+ * Convert common code into a private shared library. This saves about 9 MB
+ of installed size in the systemd package, and some more in systemd-*.
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 01 Jul 2016 09:15:12 +0200
+
+systemd (230-4) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * tmp.mount: Add nosuid and nodev mount options. This restores compatibility
+ with the original SysV int RAMTMP defaults. (Closes: #826377)
+ * debian/tests/upstream: Some tests fail on platforms without QEMU at the
+ moment due to upstream PR#3587; blacklist these for now if QEMU is not
+ available.
+ * debian/rules: Don't run the "anything links against /usr" check for
+ upstream tests, as those run on Ubuntu 16.04 LTS which does not yet have
+ libidn moved to /lib.
+ * debian/tests/upstream: Clean up old journals before running a test, to
+ avoid printing a wrong one on failure.
+ * debian/tests/upstream: Do not run the QEMU tests on i386. Nested QEMU on
+ i386 causes testbed hangs on Ubuntu's cloud infrastructure, which is the
+ only place where these actually run.
+ * resolved: Fix SERVFAIL handling and introduce a new "Cache=" option to
+ disable local caching.
+ * resolved: Support IPv6 zone indices in resolv.conf. (LP: #1587489)
+ * resolved: Update resolv.conf when calling SetLinkDNS().
+ * debian/tests/storage: Sync and settle udev after luksFormat, to reduce the
+ chance of seeing some half-written signatures.
+ * debian/tests/networkd: Stop skipping the two DHCP6 tests, this regression
+ seems to have been fixed now.
+ * resolved: respond to local resolver requests on 127.0.0.53:53. This
+ provides compatibility with clients that don't use NSS but do DNS queries
+ directly, such as Chrome.
+ * resolved: Don't add route-only domains to /etc/resolv.conf.
+ * systemd-resolve: Add --flush-caches and --status commands.
+ * Add debian/extra/units/systemd-resolved.service.d/resolvconf.conf to tell
+ resolvconf about resolved's builtin DNS server on 127.0.0.53. With that,
+ DNS servers picked up via networkd are respected when using resolvconf,
+ and software like Chrome that does not do NSS (libnss-resolve) still gets
+ proper DNS resolution. Drop the brittle and ugly
+ systemd-networkd-resolvconf-update.{path,service} hack instead.
+ * debian/tests/boot-smoke: Run in containers as well.
+
+ [ Laurent Bigonville ]
+ * Build with IDN support. (Closes: #814528)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 29 Jun 2016 15:23:32 +0200
+
+systemd (230-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/boot-and-services: Adjust test_tmp_mount() for fixed
+ systemctl exit code for "unit not found" in upstream commit ca473d57.
+ * debian/tests/boot-and-services, test_no_failed(): Show journal of failed
+ units.
+ * debian/extra/init-functions.d/40-systemd: Adjust to changed systemctl
+ show behaviour in 231: now this fails for nonexisting units instead of
+ succeeding with "not-found". Make the code compatible to both for now.
+ * Fix networkd integration with resolvconf for domain-limited DNS servers,
+ so that these don't appear as global nameservers in resolv.conf. Thanks
+ Andy Whitcroft for the initial fix! Add corresponding test case to
+ debian/tests/networkd. (LP: #1587762)
+ * resolved: Fix comments in resolve.conf for search domain overflows.
+ (LP: #1588229)
+ * On Ubuntu, provide an "ondemand.service" that replaces
+ /etc/init.d/ondemand. The latter does not exist any more when
+ "initscripts" falls out of the default installation. (LP: #1584124) This
+ now does not do a fixed one-minute wait but uses "Type=idle" instead. This
+ also becomes a no-op when the CPU supports "intel_pstate" (≤ 5 years old),
+ as on these the ondemand/powersave schedulers are actually detrimental.
+ (LP: #1579278)
+ * debian/systemd-container.install: Drop *.busname installation, they are
+ going away upstream.
+ * debian/extra/init-functions.d/40-systemd: Do not call systemctl
+ daemon-reload if the script is called as user (like reportbug does). Also
+ make sure that daemon-reload will not invoke polkit.
+ * Install test-udeb from .libs, to avoid installing the automake shell
+ wrapper.
+ * Fix transaction restarting in resolved to avoid async processing of
+ free'd transactions.
+ (Closes: #817210, LP: #1587727, #1587740, #1587762, #1587740)
+ * Add "upstream" autopkgtest that runs the test/TEST* upstream integration
+ tests in QEMU and nspawn.
+ * Build systemd-sysusers binary, for using in rkt. Do not ship the
+ corresponding unit and sysusers.d/ files yet, as these need some
+ Debianization and an autopkgtest. (Closes: #823322)
+ * debian/tests/systemd-fsckd: Adjust was_running() to also work for version
+ 230.
+
+ [ Michael Biebl ]
+ * Add "systemctl daemon-reload" to lsb init-functions hook if the LoadState
+ of a service is "not-found". This will run systemd-sysv-generator, so SysV
+ init scripts that aren't installed by the package manager should be picked
+ up automatically. (Closes: #825913)
+ * automount: handle expire_tokens when the mount unit changes its state.
+ (Closes: #826512)
+ * debian/systemd.preinst: Correctly determine whether a service is enabled.
+ Testing for the return code alone is not sufficient as we need to
+ differentiate between "generated" and "enabled" services.
+ (Closes: #825981)
+
+ [ Felipe Sateler ]
+ * Drop configure option --disable-compat-libs. It no longer exists.
+ * Add policykit-1 to Suggests. It is used to allow unprivileged users to
+ execute certain commands. (Closes: #827756)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 21 Jun 2016 23:51:07 +0200
+
+systemd (230-2) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Don't add a Breaks: against usb-modeswitch when building on Ubuntu; there
+ it does not use hotplug.functions and is a lower version.
+ * boot-and-services autopkgtest: Add missing xserver-xorg and
+ lightdm-greeter test dependencies, so that lightdm can start.
+ (See LP #1581106)
+ * Re-disable logind's KillUserProcesses option by default. (Closes: #825394)
+
+ [ Michael Biebl ]
+ * Drop --disable-silent-rules from debian/rules. This is now handled by dh
+ directly depending on whether the DH_QUIET environment variable is set.
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 31 May 2016 12:02:14 +0200
+
+systemd (230-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release 230.
+ - Fix rare assertion failure in hashmaps. (Closes: #816612)
+ - Fix leaking scope units. (Closes: #805477)
+ - Fix wrong socket ownership after daemon-reload. (LP: #1577001)
+ - udev: Fix touch screen detection. (LP: #1530384)
+ * Drop cmdline-upstart-boot autopkgtest. It was still needed up to Ubuntu
+ 16.04 LTS, but upstart-sysv is not supported any more in Debian and Ubuntu
+ now.
+ * udev: Drop hotplug.functions, now that the last remaining user of this got
+ fixed. Add appropriate versioned Breaks:.
+ * debian/extra/rules/70-debian-uaccess.rules: Add some more FIDO u2f devices
+ from different vendors. Thanks Atoyama Tokanawa.
+ * Remove "bootchart" autopkgtest, this upstream version does not ship
+ bootchart any more. It will be packaged separately.
+
+ [ Michael Biebl ]
+ * Drop obsolete --disable-bootchart configure switch from udeb build.
+ * Remove obsolete /etc/systemd/bootchart.conf conffile on upgrades.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 23 May 2016 09:42:51 +0200
+
+systemd (229-6) unstable; urgency=medium
+
+ * systemd-container: Prefer renamed "btrfs-progs" package name over
+ "btrfs-tools". (Closes: #822629)
+ * systemd-container: Recommend libnss-mymachines. (Closes: #822615)
+ * Drop systemd-dbg, in favor of debhelpers' automatic -dbgsym packages.
+ * Drop Add-targets-for-compatibility-with-Debian-insserv-sy.patch; we don't
+ need $x-display-manager any more as most/all DMs ship native services, and
+ $mail-transport-agent is not widely used (not even by our default MTA
+ exim4).
+ * Unify our two patches for Debian specific configuration files.
+ * Drop udev-re-enable-mount-propagation-for-udevd.patch, i. e. run udevd in
+ its own slave mount name space again. laptop-mode-tools 1.68 fixed the
+ original bug (#762018), thus add a Breaks: to earlier versions.
+ * Ship fbdev-blacklist.conf in /lib/modprobe.d/ instead of /etc/modprobe.d/;
+ remove the conffile on upgrades.
+ * Replace util-Add-hidden-suffixes-for-ucf.patch with patch that got
+ committed upstream.
+ * Replace Stop-syslog.socket-when-entering-emergency-mode.patch with patch
+ that got committed upstream.
+ * debian/udev.README.Debian: Adjust documentation of MAC based naming for
+ USB network cards to the udev rule, where this was moved to in 229-5.
+ * debian/extra/init-functions.d/40-systemd: Invoke status command with
+ --no-pager, to avoid blocking scripts that call an init.d script with
+ "status" with an unexpected pager process. (Closes: #765175, LP: #1576409)
+ * Add debian/extra/rules/70-debian-uaccess.rules: Make FIDO U2F dongles
+ accessible to the user session. This avoids having to install libu2f-host0
+ (which isn't discoverable at all) to make those devices work.
+ (LP: #1387908)
+ * libnss-resolve: Enable systemd-resolved.service on package installation,
+ as this package makes little sense without resolved.
+ * Add a DHCP exit hook for pushing received NTP servers into timesyncd.
+ (LP: #1578663)
+ * debian/udev.postinst: Fix migration check from the old persistent-net
+ generator to not apply to chroots. (Closes: #813141)
+ * Revert "enable TasksMax= for all services by default, and set it to 512".
+ Introducing a default limit on number of threads broke a lot of software
+ which regularly needs more, such as MySQL and RabbitMQ, or services that
+ spawn off an indefinite number of subtasks that are not in a scope, like
+ LXC or cron. 512 is way too much for most "simple" services, and it's way
+ too little for the ones mentioned above. Effective (and much stricter)
+ limits should instead be put into units individually.
+ (Closes: #823530, LP: #1578080)
+ * Split out udev rule to name USB network interfaces by MAC address into
+ 73-usb-net-by-mac.rules, so that it's easier to disable. (Closes: #824025)
+ * 73-usb-net-by-mac.rules: Disable when net.ifnames=0 is specified on the
+ kernel command line, to be consistent with disabling the *.link files.
+ * 73-special-net-names.rule: Name the IBM integrated management module
+ virtual USB network card "ibmimm". Thanks Marco d'Itri!
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 12 May 2016 09:40:19 +0200
+
+systemd (229-5) unstable; urgency=medium
+
+ * debian/tests/unit-config: Call "daemon-reload" to clean up generated units
+ in between tests.
+ * debian/tests/unit-config: Check that enable/disable commands are
+ idempotent.
+ * debian/tests/unit-config: Detect if system units are in /usr/, so that the
+ test works on systems with merged /usr.
+ * debian/tests/unit-config: Use systemd-sysv-install instead of update-rc.d
+ directly, so that the test works under Fedora too.
+ * debian/tests/unit-config: Check disabling of a "systemctl link"ed unit,
+ and check "systemctl enable" on a unit with full path which is not in the
+ standard directories.
+ * Rename debian/extra/rules/73-idrac.rules to 73-special-net-names.rules, as
+ it is going to get rules for other devices. Also install it into the
+ initramfs.
+ * debian/extra/rules/73-special-net-names.rules: Add DEVPATH number based
+ naming schema for ibmveth devices. (LP: #1561096)
+ * Don't set SYSTEMD_READY=0 on DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 devmapper
+ devices with "change" events, as this causes spurious unmounting with
+ multipath devices. (LP: #1565969)
+ * Fix bogus "No [Install] section" warning when enabling a unit with full
+ path. (LP: #1563590)
+ * debian/tests/cmdline-upstart-boot: In test_rsyslog(), check for messages
+ from dbus instead of NetworkManager. NM 1.2 does not seem to log to syslog
+ by default any more.
+ * Bump Standards-Version to 3.9.8 (no changes necessary).
+ * debian/tests/boot-smoke: Add some extra debugging if there are pending
+ jobs after 10s, to figure out why lightdm is sometimes "restarting".
+ (for LP #1571673)
+ * debian/tests/boot-smoke: Configure dummy X.org driver (like in the
+ boot-and-services test), to avoid lightdm randomly fail. (LP: #1571673)
+ * Move Debian specific patches into debian/patches/debian (which translates
+ to "Gbp-Pq: Topic debian" with pq). This keeps upstream vs. Debian
+ patches separated without the comments in debian/patches/series (which
+ always get removed by "pq export").
+ * Don't ship an empty /etc/X11/xinit/xinitrc.d/ directory, this isn't
+ supported in Debian. (Closes: #822198)
+ * udev: Mark nbd as inactive until connected. (Closes: #812485)
+ * On shutdown, unmount /tmp before disabling swap. (Closes: #788303)
+ * debian/systemd-coredump.postinst: Do daemon-reload before starting
+ systemd-coredump, as the unit file may have changed on upgrades.
+ (Closes: #820325)
+ * Set MAC based name for USB network interfaces only for universally
+ administered (i. e. stable) MACs, not for locally administered (i. e.
+ randomly generated) ones. Drop /lib/systemd/network/90-mac-for-usb.link
+ (as link files don't currently support globs for MACAddress=) and replace
+ with an udev rule in /lib/udev/rules.d/73-special-net-names.rules.
+ (Closes: #812575, LP: #1574483)
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 25 Apr 2016 11:08:11 +0200
+
+systemd (229-4) unstable; urgency=medium
+
+ * Fix assertion crash when processing a (broken) device without a sysfs
+ path. (Closes: #819290, LP: #1560695)
+ * Fix crash when shutdown is issued from a non-tty. (LP: #1553040)
+ * networkd: Stay running while any non-loopback interface is up.
+ (Closes: #819414)
+ * Fix reading uint32 D-Bus properties on big-endian.
+ * Fix crash if an udev device has many tags or devlinks. (LP: #1564976)
+ * systemctl, loginctl, etc.: Don't start polkit agent when running as root.
+ (LP: #1565617)
+ * keymap: Add Add HP ZBook (LP: #1535219) and HP ProBook 440 G3.
+ * systemd.resource-control.5: Fix links to cgroup documentation on
+ kernel.org. (Closes: #819970)
+ * Install test-udev into libudev-dev, so that we have it available for
+ autopkgtests.
+ * Add "udev" autopkgtest for running the upstream test/udev-test.pl.
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 07 Apr 2016 08:11:10 +0200
+
+systemd (229-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/timedated: Add tests for "timedatectl set-local-rtc".
+ * Be more tolerant in parsing /etc/adjtime.
+ * debian/systemd.postinst: Don't fail package installation if systemctl
+ daemon-reload trigger fails. This does not fix the root cause of the
+ reload failures, but at least causes fewer packages to be in a broken
+ state after upgrade, so that a reboot or apt-get -f install have a much
+ higher chance in succeeding. (For bugs like LP #1502097 or LP #1447654)
+ * debian/tests/networkd: Skip test_hogplug_dhcp_ip6 when running against
+ upstream as well.
+ * debian/tests/boot-and-services: Wait for units to stop with a "systemctl
+ is-active" loop instead of static sleeps.
+ * debian/tests/networkd: Skip DHCPv6 tests for downstream packages too. This
+ is an actual regression in networkd-229, to be investigated. But this
+ shouldn't hold up reverse dependencies.
+ * Fix assertion in add_random(). (LP: #1554861)
+ * debian/tests/boot-and-services: Don't assert on "Stopped Container c1"
+ message in NspawnTests.test_service(), this is sometimes not present. Just
+ check that the unit did not fail.
+ * Add "adduser" dependency to systemd-coredump, to quiesce lintian.
+ * Bump Standards-Version to 3.9.7 (no changes necessary).
+ * Fix timespec parsing by correctly initializing microseconds.
+ (Closes: #818698, LP: #1559038)
+ * networkd: Add fallback if FIONREAD is not supported. (Closes: #818488)
+ * Cherry-pick various fixes from upstream master.
+ - Fixes logout when changing the current target. (Closes: #805442)
+
+ [ Evgeny Vereshchagin ]
+ * debian/tests/boot-and-services: Search systemd-coredump's output by
+ SYSLOG_IDENTIFIER.
+ * Add missing "Recommends: btrfs-tools" to systemd-container.
+ * Add systemd-coredump postinst/prerm to start/stop systemd-coredump.socket
+ without a reboot. (Closes: #816767)
+
+ [ Felipe Sateler ]
+ * Set the paths of loadkeys and setfont via configure arguments, not a patch
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 21 Mar 2016 14:11:44 +0100
+
+systemd (229-2) unstable; urgency=medium
+
+ * time-util: map ALARM clockids to non-ALARM clockids in now(), to work on
+ architectures which don't support CLOCK_BOOTTIME_ALARM. Fixes FTBFS on
+ many architectures.
+ * debian/systemd.postinst: Add missing newline to /etc/adjtime migration.
+ (See #699554)
+ * debian/systemd.postinst: Only try to enable tmp.mount if we actually
+ copied it to /etc. Don't try to enable a generated unit. (LP: #1545707)
+ * debian/tests/boot-and-services: Increase timeouts of test_bash_crash from
+ 5 to 10 seconds, and sync the journal after every iteration.
+ * debian/extra/checkout-upstream: Try again after one minute if git checkout
+ fails, to avoid failures from transient network errors.
+ * debian/tests/systemd-fsckd: Use grub.d/50-cloudimg-settings.cfg as a
+ template for generating our custom one instead of 90-autopkgtest.cfg. The
+ latter does not exist on non-x86 architectures and is not relevant for
+ this test.
+ * debian/tests/boot-and-services: Skip journal test for test_bash_crash when
+ running against upstream, as this currently fails most of the time. To be
+ investigated.
+ * debian/tests/networkd: Skip test_coldplug_dhcp_ip6 when running against
+ upstream, as this is brittle there. To be investigated.
+ * debian/tests/bootchart: Skip test if bootchart is not available or
+ testing in upstream mode. bootchart got removed from master and will be
+ moved to a separate repository.
+ * debian/tests/boot-and-services: Show verbose journal output on failure in
+ nspawn test, and sync journal before.
+ * Move systemd-coredump socket and service into systemd-coredump binary
+ package.
+ * Revert changing the default core dump ulimit and core_pattern. This
+ completely breaks core dumps without systemd-coredump. It's also
+ contradicting core(8). (Closes: #815020)
+ * Fix addresses for type "sit" tunnels. (Closes: #816132)
+ * networkd: Go back to letting the kernel handle IPv6 router advertisements,
+ as networkd's own currently has too many regressions. Thanks to Stefan
+ Lippers-Hollmann for investigating this! (Closes: #814566,
+ #814667, #815586, #815884, #815793)
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 28 Feb 2016 22:16:12 +0100
+
+systemd (229-1) unstable; urgency=medium
+
+ * New upstream release 229.
+ - Fix systemctl behaviour in chroots. (Closes: #802780)
+ - Fix SELinux context of /run/user/$UID. (Closes: #775651)
+ - Add option to optionally turn of color output. (Closes: #783692)
+ - Don't git-ignore src/journal-remote/browse.html. (Closes: #805514)
+ - Do not warn about Wants depencencies on masked units. (LP: #1543282)
+ * debian/systemd.install: Ship the new systemd-resolve.
+ * libsystemd0.symbols: Add new symbols from this release.
+ * systemd-coredump.postinst: Create systemd-coredump system user.
+ * debian/tests/systemd-fsckd: Tame overly strict test for failed plymouth
+ unit, which is a race condition with plymouthd auto-stopping.
+ (LP: #1543144)
+ * Drop timedated-don-t-rely-on-usr-being-mounted-in-the-ini.patch.
+ initramfs-tools has mounted /usr since Jessie, and tzdata now creates
+ /etc/localtime as a symlink too (see #803144).
+ * Use-different-default-paths-for-various-binaries.patch: Drop path changes
+ for setcap (which is already a build dep and not used at all) and sulogin
+ (which is now in util-linux).
+ * Remove obsolete udev maintainer script checks:
+ - Drop check for kernel >= 2.6.32, which released in 2009.
+ - Drop restarting of some daemons due to the devtmpfs migration, which
+ happened before the above kernel even.
+ - Drop support for forcing upgrades on kernels known not to work via
+ /etc/udev/kernel-upgrade. Don't pretend that this would help, as users
+ could end up with a non-bootable system. Always fail early in preinst
+ when it's still possible to install a working kernel.
+ - Drop postinst test for "running in containers" -- it's actually possible
+ to run udev in containers if you mount /sys r/w and you know what you
+ are doing. Also, the init.d script and systemd service do that check
+ again.
+ - Keep the kernel feature and chroot checks, as these are still useful.
+ Simplify check_kernel_features() by eliminating some variables.
+ - Drop debconf templates. Two of them are obsolete, and having
+ CONFIG_SYSFS_DEPRECATED is now so implausible that this doesn't warrant
+ the overhead and translator efforts.
+ * Drop debian/tests/ifupdown-hotplug. The units moved into ifupdown, so the
+ test should go there too (see #814312).
+ * debian/tests/control: Reorder tests and add a comment which ones should
+ not be run for an upstream build.
+ * debian/tests/control: Rearrange tests and avoid removing test dependencies
+ to minimize testbed resets.
+ * Add debian/extra/checkout-upstream: Script to replace the current
+ source with a checkout of an upstream pull request, branch, or commit,
+ and remove debian/patches/. Call from debian/rules if $TEST_UPSTREAM is
+ set. This will be used for upstream CI.
+ * Enable seccomp support on powerpc, ppc64el, and s390x.
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 11 Feb 2016 21:02:39 +0100
+
+systemd (228-6) unstable; urgency=medium
+
+ * Make-run-lock-tmpfs-an-API-fs.patch: Drop /run/lock from
+ tmpfiles.d/legacy.conf to avoid the latter clobbering the permissions of
+ /run/lock. Fixes fallout from cleanup in -5 that resulted /run/lock to
+ have 0755 permissions instead of 1777. (LP: #1541775)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 04 Feb 2016 11:46:54 +0100
+
+systemd (228-5) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Drop systemd-vconsole-setup.service: It has never been installed/used in
+ Debian and is not necessary for Ubuntu any more.
+ * Drop halt-local.service. This has never been documented/used in Debian.
+ (LP: #1532553)
+ * debian/extra/initramfs-tools/scripts/init-bottom/udev: Prefer "nuke"
+ again, it comes from klibc-utils. But fall back to "rm" if it does not
+ exist.
+ * systemd-timesyncd.service.d/disable-with-time-daemon.conf: Also don't run
+ if /usr/sbin/VBoxService exists, as virtualbox-guest-utils already
+ provides time synchronization with the host. (Closes: #812522)
+ * Drop Michael Stapelberg from Uploaders:, he stopped maintenance long ago.
+ Thanks Michael for your great work in the past!
+ * Replace "sysv-rc" dependency with Conflicts: openrc, file-rc. The
+ rationale from #739679 still applies, but with the moving of
+ {invoke,update}-rc.d to init-system-helpers we don't actually need
+ anything from sysv-rc any more other than the assumption that SysV init
+ scripts are enabled in /etc/rc?.d/ for the SysV generator to work (and
+ file-rc and openrc don't do that).
+ * debian/tests/timedated: Verify /etc/localtime symlink. Skip verifying the
+ /etc/timezone file (which is Debian specific) if $TEST_UPSTREAM is set.
+ * debian/tests/localed-locale: Check /etc/locale.conf if $TEST_UPSTREAM is
+ set.
+ * debian/tests/localed-x11-keymap: Test /etc/X11/xorg.conf.d/00-keyboard.conf
+ if $TEST_UPSTREAM is set.
+ * debian/tests/boot-and-services: Check for reaching graphical.target
+ instead of default.target, as the latter is a session systemd state only.
+ * debian/tests/boot-and-services: Skip tests which are known to fail/not
+ applicable with testing upstream builds.
+ * Drop Fix-up-tmpfiles.d-permissions-properly.patch:
+ - /run/lock is already created differently by
+ Make-run-lock-tmpfs-an-API-fs.patch, and contradicts to that.
+ - /run/lock/lockdev/ isn't being used anywhere and got dropped
+ upstream; backport the patch (tmpfiles-drop-run-lock-lockdev.patch).
+ - Move dropping of "group:wheel" (which has never existed in Debian) into
+ debian/rules, to also catch occurrences in other parts of the file which
+ the static patch would overlook.
+ * Shorten persistent identifier for CCW network interfaces (on s390x only).
+ (LP: #1526808)
+ * debian/rules: If $TEST_UPSTREAM is set (when building/testing upstream
+ master instead of distro packages), don't fail on non-installed new files
+ or new library symbols.
+ * Add systemd-sysv conflict to upstart-sysv, and version the upstart
+ conflict. This works with both Debian's and Ubuntu's upstart packages.
+
+ [ Michael Biebl ]
+ * Drop support for the /etc/udev/disabled flag file. This was a workaround
+ for udev failing to install with debootstrap because it didn't use
+ invoke-rc.d and therefor was not compliant with policy-rc.d. See #520742
+ for further details. This is no longer the case, so supporting that file
+ only leads to confusion about its purpose.
+ * Retrigger cleanup of org.freedesktop.machine1.conf and
+ hwclock-save.service now that dpkg has been fixed to correctly pass the
+ old version to postinst on upgrade. (Closes: #802545)
+ * Only ship *.link files as part of the udev package. The *.network files
+ are solely used by systemd-networkd and should therefor be shipped by the
+ systemd package. (Closes: #808237)
+ * Cherry-pick a few fixes from upstream:
+ - Fix unaligned access in initialize_srand(). (Closes: #812928)
+ - Don't run kmod-static-nodes.service if module list is empty. This
+ requires kmod v23. (Closes: #810367)
+ - Fix typo in systemctl(1). (Closes: #807462)
+ - Fix systemd-nspawn --link-journal=host to not fail if the directory
+ already exists. (Closes: #808222)
+ - Fix a typo in logind-dbus.c. The polkit action is named
+ org.freedesktop.login1.power-off, not org.freedesktop.login1.poweroff.
+ - Don't log an EIO error in gpt-auto-generator if blkid finds something
+ which is not a partition table. (Closes: #765586)
+ - Apply ACLs to /var/log/journal and also set them explicitly for
+ system.journal.
+ * Only skip the filesystem check for /usr if the /run/initramfs/fsck-usr
+ flag file exists. Otherwise we break booting with dracut which uses
+ systemd inside the initramfs. (Closes: #810748)
+ * Update the instructions in README.Debian for creating /var/log/journal.
+ They are now in line with the documentation in the systemd-journald(8) man
+ page and ensure that ACLs and group permissions are properly set.
+ (Closes: #800947, #805617)
+ * Drop "systemctl daemon-reload" from lsb init-functions hook. This is no
+ longer necessary as invoke-rc.d and init-system-helpers take care of this
+ nowadays.
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 03 Feb 2016 10:09:46 +0100
+
+systemd (228-4) unstable; urgency=medium
+
+ * debian/udev.README.Debian: Add alternative way of disabling ifnames.
+ (Closes: #809339)
+ * Put back /lib/udev/hotplug.functions, until the three remaining packages
+ that use it stop doing so. (Closes: #810114)
+ * debian/udev.README.Debian: Point out that any change to interface naming
+ rules requires an initrd update.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 11 Jan 2016 07:12:40 +0100
+
+systemd (228-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/rules: Remove temporary debug output from test failures again. All
+ Debian buildd kernels are recent enough now, but add a check for kernels
+ older than 3.13 and ignore test failures for those.
+ * debian/tests/networkd: Factor out dnsmasq specific test "router" setup, so
+ that we can test against other implementations.
+ * debian/tests/networkd: Add router setup using an (isolated) networkd
+ process for configuring the veths and DHCP server.
+ * debian/tests/networkd: On failure, only show journal for current test.
+ * systemd-networkd-resolvconf-update.service: Wait for getting a name
+ server, not just for getting online.
+ * debian/tests/boot-and-services: Wait until bash crash stack trace is in
+ the journal before asserting on it. Also relax RE to work on non-x86
+ architectures.
+ * debian/tests/networkd: If /etc/resolv.conf already has three nameservers,
+ accept that too (as then the additional test one can't be added any more).
+ * Fix FTBFS on x32. Thanks Helmut Grohne! (Closes: #805910)
+ * debian/tests/networkd: For IPv6 tests, also wait for IPv4 address to
+ arrive; s-n-wait-online already exits after getting an IPv6 address, but
+ we verify both.
+ * debian/tests/boot-and-services: Don't check for "Requesting system
+ poweroff" log message in nspawn test, current upstream master does not
+ write that any more. Instead check for "Stopped Container c1".
+ * Add "storage" autopkgtest. Initially this covers some basic use cases with
+ LUKS cryptsetup devices.
+ * Add acl build dependency (for <!nocheck>). Current upstream master now
+ needs it for some test cases.
+ * debian/extra/initramfs-tools/scripts/init-bottom/udev: Use "rm -rf"
+ instead of "nuke". The latter does not exist any more in current
+ initramfs-tools.
+ * Ignore test failures during "make check" if /etc/machine-id is missing
+ (like in ancient local schroots). (Closes: #807884)
+ * debian/extra/rules/80-debian-compat.rules: Remember which device got the
+ "cdrw", "dvd", or "dvdrw" symlink to avoid changing links on device
+ events. (Closes: #774080). Drop the rule for the "cdrom" symlink as that
+ is already created in 60-cdrom_id.rules.
+ * Eliminate "hotplug.functions" udev helper and put the logging functions
+ directly into net.agent. This simplifies the migration of the latter to
+ ifupdown.
+ * Adjust manpages to keep /usr/lib/systemd/{user*,boot,ntp-units.d,modules*}
+ paths, only keep /lib/systemd/{system*,network}. (Closes: #808997)
+ * debian/udev.README.Debian: Fix typo and slight wording improvement.
+ (Closes: #809513)
+ * Drop net.agent, 80-networking.rules, and ifup@.service. These moved to
+ ifupdown 0.8.5 now. Add Breaks: to earlier versions.
+
+ [ Michael Biebl ]
+ * Bump Build-Depends on libdw-dev to (>= 0.158) as per configure.ac.
+ (Closes: #805631)
+ * Make sure all swap units are ordered before the swap target. This avoids
+ that swap devices are being stopped prematurely during shutdown.
+ (Closes: #805133)
+ * Drop unneeded /etc/X11/xinit/xinitrc.d/50-systemd-user.sh from the package
+ and clean up the conffile on upgrades. We have the dbus-user-session
+ package in Debian to properly enable the D-Bus user-session mode which
+ also takes care of updating the systemd --user environment.
+ (Closes: #795761)
+ * Stop testing for unknown arguments in udev maintainer scripts.
+ * Drop networking.service.d/systemd.conf. The ifupdown package now ships a
+ proper service file so this drop-in file is no longer necessary.
+
+ [ Andreas Henriksson ]
+ * Fix LSB init hook to not reload masked services. (Closes: #804882)
+
+ -- Martin Pitt <mpitt@debian.org> Sat, 02 Jan 2016 17:42:56 +0100
+
+systemd (228-2) unstable; urgency=medium
+
+ * Remove wrong endianness conversion in test-siphash24 to fix FTBFS on
+ big-endian machines.
+ * Bump libseccomp-dev build dependency to indicate required versions for
+ backporting to jessie. (Closes: #805497)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 19 Nov 2015 11:37:45 +0100
+
+systemd (228-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release:
+ - Fix journald killing by watchdog. (Closes: #805042)
+ - Drop check for /etc/mtab. (Closes: #802025)
+ - Follow unit file symlinks in /usr, but not /etc when looking for
+ [Install] data, to avoid getting confused by Aliases. (Closes: #719695)
+ - journalctl: introduce short options for --since and --until.
+ (Closes: #801390)
+ - journald: Never accept fds from file systems with mandatory locking.
+ (LP: #1514141)
+ - Put nspawn containers in correct slice. (LP: #1455828)
+ * Cherry-pick some networkd fixes from trunk to fix regressions from 228.
+ * debian/rules: Configure with --as-needed to avoid unnecessary binary
+ dependencies.
+ * systemd-networkd-resolvconf-update.service: Increase StartLimitBurst, as
+ this might be legitimately called several times in quick succession. If
+ that part of the "networkd" autopkgtest fails, show the journal log for
+ that service for easier debugging.
+ * debian/tests/boot-and-services: Add test case for systemd-coredump.
+ * Add systemd-coredump postinst/prerm to enable/disable this without a
+ reboot.
+ * debian/tests/networkd: Check for systemd-networkd-wait-online in /usr as
+ well, for usage in other distros.
+ * debian/tests/logind: Skip suspend test if the kernel does not support
+ suspend.
+ * debian/tests/logind: Split tests into functions.
+ * debian/tests/boot-and-services: Ignore failures of console-setup.service,
+ to work around LP: #1516591.
+ * debian/tests/control: Restrict boot-smoke test to isolation-machine, it
+ does not currently work well in LXC.
+ * debian/tests/networkd: Add new test cases for "DHCP=all, IPv4 only,
+ disabling RA" (which should always be fast), "DHCP=all, IPv4 only" (which
+ will require a longer timeout due to waiting 12s for a potential IPv6 RA
+ reply), and "DHCP=ipv4" (with and without RA).
+ * debian/tests/networkd: Fix UnicodeDecodeError under 'C' locale.
+ * debian/tests/networkd: Show networkctl and journal output on failure.
+ * debian/tests/networkd: Fix bytes vs. string TypeError in the IPv6 polling.
+ (LP: #1516009)
+ * debian/tests/networkd: Show contents of test .network file on failure.
+ * debian/tests/networkd: Skip if networkd is already running (safer when
+ running on real systems), and add copyright header.
+ * Bump util-linux dependencies to >= 2.27.1 to ensure that the mount monitor
+ ignores /etc/mtab.
+
+ [ Felipe Sateler ]
+ * Enable elfutils support for getting stack traces for systemd-coredump.
+ * libnss-my{machines,hostname}.postrm: do not remove entries from
+ nsswitch.conf if there are packages from other architectures remaining.
+
+ [ Michael Biebl ]
+ * Drop systemd-setup-dgram-qlen.service. This has been made obsolete by
+ upstream commit 1985486 which bumps net.unix.max_dgram_qlen to 512 early
+ during boot.
+ * Various cleanups to the udev maintainer scripts:
+ - Remove unused tempdir() function.
+ - Properly stop udev daemon on remove.
+ - Stop killing udev daemon on failed upgrades and drop the corresponding
+ starts from preinst.
+ - Stop masking systemd-udevd.service and udev.service during upgrades. We
+ restart the udev daemon in postinst, so those masks seem unnecessary.
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 18 Nov 2015 16:11:59 +0100
+
+systemd (227-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/logind: Add tests for scheduled shutdown with and without
+ wall message.
+ * Import upstream fix for not unmounting system mounts (#801361) and drop
+ our revert patch.
+ * debian/tests/boot-smoke: Apply check for failed unmounts only to user
+ systemd processes, i. e. not to pid 1.
+ * Drop Fix-usr-remount-failure-for-split-usr.patch. Jessie has a new enough
+ initramfs-tools already, and this was just an error message, not breaking
+ the boot.
+ * Drop debian-fixup.service in favor of using a tmpfiles.d clause, which is
+ faster.
+ * Drop Order-remote-fs.target-after-local-fs.target.patch. It's mostly
+ academic and only applies to the already known-broken situation that rcS
+ init.d scripts depend on $remote_fs.
+ * Replace reversion of sd_pid_notify_with_fds() msg_controllen fix with
+ proper upstream fix to never block on sending messages on NOTIFY_SOCKET
+ socket.
+ * Drop check for missing /etc/machine-id on "make check" failure; this isn't
+ happening on current buildds any more.
+ * Drop Disable-tests-which-fail-on-buildds.patch, to re-evaluate what still
+ fails and needs fixing. On failure, show kernel version and /etc/hosts
+ to be able to debug them better. The next upload will make the necessary
+ adjustments to fix package builds again.
+
+ [ Michael Biebl ]
+ * Drop dependency on udev from the systemd package. We don't need udev
+ within a container, so this allows us to trim down the footprint by not
+ installing the udev package. As the udev package has Priority: important,
+ it is still installed by default though.
+ * Include the status of the udev package when filing a bug report against
+ systemd, and vice versa.
+ * Use filter instead of findstring, since findstring also matches
+ substrings and we only want direct matches.
+ * systemd.bug-script: Fix typo. (Closes: #804512)
+ * Re-add bits which call SELinux in systemd-user pam service.
+ (Closes: #804565)
+
+ [ Felipe Sateler ]
+ * Add libnss-resolve package. (Closes: #798905)
+ * Add systemd-coredump package. This Conflicts/Replaces/Provides a new
+ "core-dump-handler" virtual package. (Closes: #744964)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 11 Nov 2015 15:04:26 +0100
+
+systemd (227-2) unstable; urgency=medium
+
+ * Revert "sd_pid_notify_with_fds: fix computing msg_controllen", it causes
+ connection errors from various services on boot. (Closes: #801354)
+ * debian/tests/boot-smoke: Check for failed unmounts. This reproduces
+ #801361 (but not in a minimal VM, just in a desktop one).
+ * Revert "core: add a "Requires=" dependency between units and the
+ slices they are located in". This causes user systemd instances to try and
+ unmount system mounts (and succeed if you login as root).
+ (Closes: #801361)
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 09 Oct 2015 12:34:27 +0200
+
+systemd (227-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Bump watchdog timeout for shipped units to 3 min. (Closes: #776460)
+ - gpt-auto-generator: Check fstab for /boot entries. (Closes: #797326)
+ - Fix group of RuntimeDirectory dirs. (Closes: #798391)
+ - Support %i (and other macros) in RuntimeDirectory. (Closes: #799324)
+ - Bump util-linux/libmount-dev dependencies to >= 2.27.
+ * debian/libsystemd0.symbols: Add new symbols for this release.
+ * debian/extra/initramfs-tools/hooks/udev: Copy all
+ /etc/udev/rules.d/*.rules rules which are not merely overriding the one in
+ /lib/, not just 70-persistent-net.rules. They might contain network names
+ or other bits which are relevant for the initramfs. (Closes: #795494)
+ * ifup@.service: Drop PartOf=network.target; we don't want to stop these
+ units during shutdown. Stopping networking.service already shuts down the
+ interfaces, but contains the safeguard for NFS or other network file
+ systems. Isolating emergency.target still keeps working as before as well,
+ as this also stops networking.service. (Closes: #761909, LP: #1492546)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 08 Oct 2015 11:34:35 +0200
+
+systemd (226-4) unstable; urgency=medium
+
+ * debian/tests/logind: Be more verbose on failures.
+ * Revert networkd calling if-{up,post-down}.d/ scripts. About half of the
+ existing hooks are not relevant or even actively detrimental when running
+ with networkd. For the relevant ones, a lot of them should be fixed in the
+ projects themselves (using IP_FREEBIND etc.). (Closes: #798625)
+ * Add systemd-networkd-resolvconf-update.{path,service} units to send DNS
+ server updates from networkd to resolvconf, if installed and enabled.
+ * Don't restart logind on upgrades any more. This kills X.org (#798097)
+ while logind doesn't save/restore its open fds (issue #1163), and also
+ gets confused about being idle in between (LP: #1473800)
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 02 Oct 2015 13:44:28 +0200
+
+systemd (226-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * README.Debian: Fix "other" typo. Thanks Salvatore Bonaccorso.
+ (Closes: #798737)
+
+ [ Michael Biebl ]
+ * Stop building the compat library packages and drop them for good.
+ * Update debian/copyright.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 19 Sep 2015 19:06:51 +0200
+
+systemd (226-2) unstable; urgency=medium
+
+ * debian/udev.init: Mount /dev file system with nosuid. (LP: #1450960)
+ * udev.postinst: udev 226 introduced predictable interface names for virtio.
+ Create /etc/systemd/network/50-virtio-kernel-names.link on upgrade to
+ disable this, to avoid changing e. g. "eth0" to "ens3" in QEMU instances
+ and similar environments. (Closes: #799034)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 15 Sep 2015 15:21:09 +0200
+
+systemd (226-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release:
+ - Fix scheduled shutdown to not shut down immediately. (Closes: #797763)
+ - Fix description of CPE_NAME in os-release(5). (Closes: #797768)
+ * debian/libsystemd0.symbols: Add new symbols from this release.
+ * Enable libseccomp support for mips64, mips64el, and x32. (Closes: #797403)
+ * debian/tests/networkd: Add hotplug tests.
+ * Make networkd call if-up.d/ scripts when it brings up interfaces, to
+ become compatible with ifupdown and NetworkManager for packages shipping
+ hooks. (LP: #1492129)
+ - Add debian/extra/systemd-networkd-dispatcher.c: suid root wrapper for
+ calling if-up.d/ or if-post-down.d/ hook scripts. Install it as
+ root:systemd-networkd 4754 so that only networkd can run it.
+ - Add networkd-call-systemd-networkd-dispatcher-when-links.patch: Call the
+ above wrapper when links go up/down.
+ - debian/tests/networkd: Verify that if-up.d/ and if-post-down.d/ scripts
+ get run for a networkd managed interface.
+ - Note that if-pre-up.d/ and if-down.d/ scripts are *not* being called, as
+ they are often not applicable for networkd (if-pre-up.d) and unreliable
+ (if-down.d).
+ * Drop udev-finish. We needed this for the autogenerated CD and network
+ interface names, but both are gone now.
+ * Drop debian/udev.udev-fallback-graphics.upstart. The vesafb module has
+ been compiled into the kernel in both Debian and Ubuntu for a fair while,
+ this never had a systemd equivalent, and Debian never shipped the
+ accompanying rules for determining $PRIMARY_DEVICE_FOR_DISPLAY.
+ * debian/control: Remove some boilerplate from the long descriptions, to
+ more easily get to the point what a specific package actually does.
+ * debian/README.Debian: As systemd is the default init now, replace the
+ documentation how to switch to systemd with how to switch back
+ (temporarily or permanently) to SysV init. Also move that paragraph to the
+ bottom as it's now less important.
+ * debian/README.Debian: Add a hint why you may want to enable persistent
+ journal, and suggest to uninstall system-log-daemon to avoid duplicate
+ logging.
+ * debian/README.Debian: Add documentation about networkd integration.
+ * Rename 01-mac-for-usb.link to 90-mac-for-usb.link so that it becomes
+ easier to override.
+ * debian-fixup.service just has one purpose now (make /etc/mtab a symlink),
+ so drop the debian/extra/debian-fixup shell script and put the ln command
+ directly into debian-fixup.service. Update the description.
+ * debian/tests/networkd: Check that /etc/resolv.conf gets the DHCP's
+ nameserver in case it is a symlink (i. e. dynamically managed by
+ systemd-resolved or resolvconf).
+ * systemd-networkd-dispatcher: Also pass on the DNS server list to if-up.d/
+ as $IF_DNS_NAMESERVERS, so that resolvconf or similar programs work as
+ expected.
+ * Drop debian/systemd-journal-remote.postrm: Removing system users is
+ potentially dangerous (there might be a leftover process after purging).
+
+ [ Michael Biebl ]
+ * Drop libsystemd-login-dev. All reverse dependencies have been updated to
+ use libsystemd-dev directly.
+ * Update build instructions to use "gbp clone" instead of "gbp-clone" as all
+ gbp-* commands have been removed from git-buildpackage.
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 10 Sep 2015 16:53:53 +0200
+
+systemd (225-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release.
+ - Fixes FTBFS on alpha. (Closes: #792551)
+ - Fixes machined state tracking logic. (Closes: #788269)
+ * Add better fix for "systemctl link/enable" breakage with full paths.
+ (LP: #1480310)
+ * debian/rules: Add missing $(dh_options) in overridden debhelper targets.
+
+ [ Felipe Sateler ]
+ * Move conffile from systemd to systemd-container package (Closes: #797048)
+
+ [ Michael Biebl ]
+ * Drop unnecessary Conflicts/Replaces from systemd-journal-remote.
+ None of the files in this package were previously shipped by systemd.
+ * Create system users for systemd-journal-{gateway,remote,upload} when
+ installing the systemd-journal-remote package.
+ * Explicitly turn off the features we don't want in a stage1 build.
+ Otherwise ./configure might enable them automatically if the build
+ dependencies are installed and "dh_install --fail-missing" will then fail
+ due to uninstalled files.
+ * Enable GnuTLS support as systemd-journal-remote makes sense mostly with
+ encryption enabled.
+ * Rely on build profiles to determine which packages should be skipped
+ during build and no longer specify that manually.
+ * Drop our patch which removes rc-local-generator.
+ rc-local.service acts as an ordering barrier even if its condition is
+ false, because conditions are evaluated when the service is about to be
+ started, not when it is enqueued. We don't want this ordering barrier on
+ systems that don't need/use /etc/rc.local.
+
+ -- Michael Biebl <biebl@debian.org> Sun, 30 Aug 2015 21:18:59 +0200
+
+systemd (224-2) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Skip systemd-fsckd autopkgtest if /run/initramfs/fsck-root exists, i. e.
+ the initramfs already ran fsck.
+ * Fix broken ACL in tmpfiles.d/systemd.conf. (Closes: #794645, LP: #1480552)
+ * Add debian/tests/unit-config: Test "systemctl link"; reproduces LP#1480310.
+ * Add a hack to unbreak "systemctl link". (LP: #1480310)
+ * debian/extra/rules-ubuntu/40-hyperv-hotadd.rules: Also apply to Xen, and
+ rename to 40-vm-hotadd.rules.
+ * Fix networkd crash. (Closes: #796358)
+ * debian/rules: Remove all files/empty dirs in systemd which are already
+ shipped by systemd-* or udev, instead of an explicit list.
+ * Bump "mount" dependency to >= 2.26, to ensure "swapon -o" availability.
+ (Closes: #796389)
+ * Install /lib/systemd/network/* into udev instead of systemd, as it's
+ really udev which is evaluating these.
+ * Split out "systemd-container" package with machined and nspawn and enable
+ importd. Add new libbz2-dev, zlib1g-dev, and libcurl-dev build deps.
+ (LP: #1448900)
+ * Move transitional libgcrypt11-dev build dep to libgcrypt20-dev.
+ * debian/rules: Limit check for libraries in /usr to systemd and udev
+ packages, as other packages like systemd-containers can (and do) link to
+ /usr.
+ * Build-depend on dpkg-dev (>= 1.17.14) and bump debhelper version for build
+ profiles support.
+ * Drop "display-managers" autopkgtest, obsolete with dropped
+ default-display-manager-generator.
+ * boot-and-services autopkgtest: Add systemd-container test dependency for
+ the nspawn tests.
+ * Don't enable audit support when building with "stage1" profile, to avoid
+ circular build dep.
+
+ [ Helmut Grohne ]
+ * Improve support for cross-building and bootstrapping.
+
+ [ Michael Biebl ]
+ * Drop default-display-manager-generator. All major desktops now use a
+ display manager which support the new scheme and setup the
+ /etc/systemd/system/display-manager.service symlink correctly.
+ * Add new binary package "systemd-journal-remote" with tools for
+ sending/receiving remote journal logs:
+ systemd-journal-{remote,upload,gatewayd}. (Closes: #742802, LP: #1480952)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 25 Aug 2015 12:40:35 +0200
+
+systemd (224-1) unstable; urgency=medium
+
+ * New upstream release.
+ * boot-and-services autopkgtest: Ignore thermald. Since 1.4.3-2 it starts by
+ default, but fails in most virtual envs.
+
+ -- Martin Pitt <mpitt@debian.org> Sat, 01 Aug 2015 13:38:57 +0200
+
+systemd (223-2) unstable; urgency=medium
+
+ * Don't enable gnu-efi on ARM. It FTBFSes and cannot really be tested now as
+ there is no available hardware.
+ * debian/extra/initramfs-tools/hooks/udev: Don't fail if
+ /etc/systemd/network/ does not exist. (Closes: #794050)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 30 Jul 2015 08:25:51 +0200
+
+systemd (223-1) unstable; urgency=medium
+
+ * New upstream release:
+ - Fix systemd-bootchart crash. (Closes: #792403)
+ - Trim list of files in /usr/share/doc/systemd/. (Closes: #791839)
+ - Fix "Invalid argument" failure with some journal files.
+ (Closes: #792090)
+ - tmpfiles: Don't recursively descend into journal directories in /var.
+ (Closes: #791897)
+ - Don't frequently wake up on disabled TimeoutIdleSec=, in particular in
+ automount timers. (LP: #1470845)
+ - tmpfiles: Don't delete lost+found/. (Closes: #788193)
+
+ [ Michael Biebl ]
+ * udev: Remove obsolete rm_conffile/mv_conffile functions from udev.preinst.
+ The udev package is using dpkg-maintscripts-helper now to remove obsolete
+ conffiles.
+ * systemd: Remove obsolete conffile clean up from pre-wheezy.
+ * udev-udeb: Remove scsi_wait_scan hack from the start-udev script as well.
+
+ [ Martin Pitt ]
+ * Enable GNU EFI support and add gnu-efi build dep. This enables/ships the
+ systemd EFI boot loader. (Closes: #787720, LP: #1472283)
+ * networkd autopkgtest: More robust/forceful killing of dnsmasq.
+ * ifup@.service: Drop "oneshot" to run ifup in the background during boot.
+ This avoids blocking network.target on boot with unavailable hotplug
+ interfaces in /etc/network/interfaces. (Closes: #790669, LP: #1425376)
+ * systemd.postinst: Avoid confusing error message about
+ /run/systemd/was-enabled not existing on reconfiguring.
+ * debian/extra/initramfs-tools/hooks/udev: Drop some redundant code.
+ * Fix networkd-wait-online -i to properly wait for the given interfaces
+ only.
+ * Drop debian/extra/base-installer.d/05udev: We use net.ifnames by default
+ now, thus we don't need to copy 70-persistent-*.rules any more.
+ * debian/extra/start-udev: Run d-i's udevd with "notice" log level, just
+ like we did in the initramfs in 219-10.
+ * Fix size explosion of networkd (post-223 patch from trunk).
+
+ [ Julian Wollrath ]
+ * Copy all .link interface naming definitions to initramfs. (Closes: #793374)
+
+ [ Felipe Sateler ]
+ * nss-my*.postinst: configure at the end of the hosts line, not before
+ files. (Closes: #789006)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 30 Jul 2015 00:02:26 +0200
+
+systemd (222-2) unstable; urgency=medium
+
+ [ Adam Conrad ]
+ * debian/udev-udeb.install: Install new bits for net.ifnames (LP: #1473542)
+ * debian/extra/initramfs-tools/hooks/udev: Do the same for initramfs-tools.
+
+ [ Martin Pitt ]
+ * emergency.service: Wait for plymouth to shut down. Fixes invisible
+ emergency shell with plymouth running endlessly. (LP: #1471258)
+ * Add "networkd" autopkgtest. Covers basic DHCP on IPv4 and IPv4+6 on a veth
+ device.
+
+ [ Michael Biebl ]
+ * Bump package priorities of systemd and systemd-sysv to important to match
+ what has been used in the Debian archive since Jessie.
+ * Drop scsi_wait_scan hack from the udev initramfs-tools script. This Linux
+ kernel module has been broken since 2.6.30 and as a result was removed in
+ 3.5. The Debian Jessie kernel no longer ships this module.
+ (Closes: #752775)
+ * Drop libsystemd-journald-dev and libsystemd-id128-dev. There are no
+ reverse dependencies left and we want to avoid new packages picking up
+ a build dependency on those obsolete transitional packages.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 15 Jul 2015 23:51:15 +0200
+
+systemd (222-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release:
+ - Fix reload killing BusName= units. (Closes: #746151)
+ - sysv-generator: detect invalid names and escape them. (Closes: #677075)
+ - Document removal of PIDFile on daemon shutdown. (Closes: #734006)
+ - Drop Revert-rules-fix-tests-for-removable-state.patch, the auto-suspend
+ rules now got dropped entirely.
+ * Add Revert-VT-reuse-patches.patch: Revert a couple of logind VT reuse
+ patches which alternately broke lightdm and gdm.
+ * debian/libsystemd0.symbols: Add new symbols from this release.
+ * Disable test-netlink during package build, fails on some buildds.
+ * udev.postinst: Don't call addgroup with --quiet, so that if the "input"
+ group already exists as a non-system group you get a sensible error
+ message. Some broken tutorials forget the --system option.
+ (Closes: #769948, LP: #1455956)
+ * systemd.postinst: Drop the --quiet from the addgroup calls as well, same
+ reason as above. (Closes: #762275)
+ * udev: Drop doc dir symlinking. It has caused too much trouble and only
+ marginally helps to avoid duplication. Such duplication should be dealt
+ with at the distro, not package level.
+ * debian/rules: Entirely ignore $LD_PRELOAD instead of just libfakeroot in
+ the link check, to also avoid libeatmydata. (Closes: #790546)
+ * boot-and-services, display-managers autopkgtests: Install and configure
+ dummy X.org driver, so that these work in headless machines/VMs.
+ * systemd-fsckd autopkgtest: Stop using/asserting on lightdm, just check
+ that default.target is active. lightdm is prone to fail in test
+ environments, and fiddling with it in two other autopkgtests is
+ sufficient.
+ * debian/watch: Adjust to new upstream release model of only providing the
+ github tag tarballs.
+ * Drop dsl-modem.agent. It hasn't been maintained/tested for many years, few
+ if any people actually use this, and this doesn't belong into udev.
+
+ [ Michael Biebl ]
+ * Stop building the Python 3 bindings. They were split into a separate
+ source package upstream and are now built from src:python-systemd. See
+ http://lists.freedesktop.org/archives/systemd-devel/2015-July/033443.html
+ * Remove obsolete --disable-chkconfig configure option.
+ * Move the man pages for libnss-myhostname, libnss-mymachines and udev.conf
+ from systemd into the correct package. Move the zsh completion file for
+ udevadm into the udev package as well. Add Breaks/Replaces accordingly.
+ (Closes: #790879)
+ * Drop rules which remove pre-generated files before build. The upstream
+ tarball no longer ships any pre-generated files so this is no longer
+ necessary.
+ * Fix cleanup rule for Python byte code files.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 08 Jul 2015 18:56:07 +0200
+
+systemd (221-1) unstable; urgency=medium
+
+ * New upstream release 221:
+ - Fix persistent storage links for Xen devices. (LP: #1467151)
+ - Drop all backported patches and port the others to new upstream release.
+ - debian/rules: Drop workarounds for broken 220 tarball, 221 is fine.
+
+ [ Michael Biebl ]
+ * initramfs hook: Stop installing 55-dm.rules, 64-md-raid.rules,
+ 60-persistent-storage-lvm.rules and 60-persistent-storage-dm.rules.
+ The mdadm, lvm2 and dmsetup package provide their own udev hooks nowadays
+ to make sure their udev rules files are installed into the initramfs.
+ Having the copy rules at two places is confusing and makes debugging
+ harder.
+ * Make it possible to skip building udeb packages via
+ DEB_BUILD_OPTIONS="noudeb". This allows quicker builds for local testing
+ and is benefical for derivatives that don't use d-i.
+ * Install API documentation for libudev and libsystemd in their respective
+ packages. Both libraries use man pages now, so we need to be explicit
+ about what is installed where.
+
+ [ Martin Pitt ]
+ * ifupdown-hotplug autopkgtest: Different cloud/desktop environments have
+ different ways of including /etc/network/interfaces.d/, try to get along
+ wit either and skip the test if interfaces.d/ does not get included at
+ all.
+ * Drop obsolete gtk-doc-tools build dependency, gtkdocize autoreconfig, and
+ ./configure options.
+ * libudev-dev.install: Drop gtk-doc files, not built by upstream any more
+ and replaced with manpages.
+ * libsystemd0.symbols: Add new symbols for this release.
+ * debian/rules: Fix paths in manpages as we don't currently have a merged
+ /usr in Debian but have most systemd things in /lib. This replaces the
+ previous huge and maintenance-intense patch.
+ * Drop Accept-mountall-specific-fstab-options.patch. Replaced with
+ systemd.postinst migration code in Ubuntu.
+ * Revert overly aggressive USB autosuspend udev rules change which broke
+ various USB keyboards. (Closes: #789723)
+ * Have rc-local.service output also go to the console. /etc/rc.local often
+ contains status messages which users expect to see during boot.
+ (LP: #1468102)
+ * debian/rules: Install udev.NEWS into libudev1, to get along with Debian's
+ udev -> libudev1 doc dir symlinking. (Closes: #790042)
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 28 Jun 2015 12:05:36 +0200
+
+systemd (220-7) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Enable seccomp support on arm64 as well.
+ * Replace the remainder of Fix-paths-in-man-pages.patch with an upstream
+ provided patch.
+
+ [ Martin Pitt ]
+ * Switch to net.ifnames persistent network interfaces (on new
+ installations/for new hardware), and deprecate the old
+ 75-persistent-net-generator.rules. See the ML discussion for details:
+ https://lists.debian.org/debian-devel/2015/05/msg00170.html
+ https://lists.debian.org/debian-devel/2015/06/msg00018.html
+ - Drop Make-net.ifnames-opt-in-instead-of-opt-out.patch, to use
+ net.ifnames by default.
+ - Revert-udev-network-device-renaming-immediately-give.patch: Adjust
+ patch comment.
+ - Drop 75-persistent-net-generator.rules, write_net_rules helper and
+ rule_generator.functions.
+ - Adjust udev's README.Debian accordingly, and describe the migration.
+ This needs to happen manually as there is no robust way of doing this
+ automatically.
+ - Add udev NEWS file for announcing this change and pointing to udev's
+ README.
+ - udev.postinst: Drop write_interfaces_rules().
+ - udev.postinst: Disable net.ifnames on systems which did not support
+ 75-persistent-net-generator.rules (most importantly, virtualized guests)
+ to avoid changing network interface names on upgrade.
+ - LP: #1454254
+ * fsckd-daemon-for-inter-fsckd-communication.patch: Add fsckd.c to
+ POTFILES.in.
+ * ifupdown-hotplug autopkgtest: Fix config name in interfaces.d/, it must
+ not have a suffix in Debian. Also clean up the file after the test.
+ * net.agent: When running under systemd, run everything in the foreground.
+ This avoids killing the forked child in the middle of its operation under
+ systemd when the parent exits.
+ * Check during build that systemd and systemd-journald don't link against
+ anything in /usr, to prevent bugs like #771652 and #788913 in the future.
+ * Drop Skip-99-systemd.rules-when-not-running-systemd-as-in.patch. The rules
+ mostly just attach tags systemd specific properties which are harmless
+ under other init systems, and systemd-sysctl also works there.
+ * 80-networking.rules: Only call agents for add|remove, as they don't handle
+ other events.
+ * Restore udev watches on block device changes. (Closes: #789060,
+ LP: #1466081)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 17 Jun 2015 22:48:53 +0200
+
+systemd (220-6) unstable; urgency=medium
+
+ * Enable seccomp support on the architectures that provide libseccomp.
+ (Closes: #760299)
+ * boot-and-services autopkgtest: Add SeccompTest for the above.
+ * boot-and-services autopkgtest: Check that we don't get an unwanted
+ tmp.mount unless /etc/fstab explicitly specifies it.
+ * Bump libcap-dev build dep to the version that provides libcap2-udeb.
+ (Closes: #787542)
+ * Stop installing tmp.mount by default; there are still situations where it
+ becomes active through dependencies from other units, which is surprising,
+ hides existing data in /tmp during runtime, and it isn't safe to have a
+ tmpfs /tmp on every install scenario. (Closes: #783509)
+ - d/rules: Ship tmp.mount in /usr/share/systemd/ instead of
+ /lib/systemd/systemd.
+ - systemd.postinst: When tmp.mount already was enabled, install tmp.mount
+ into /etc and keep it enabled.
+ - systemd.postinst: When enabling tmp.mount because of RAMTMP=yes, copy it
+ from /usr/share.
+ - Drop Don-t-mount-tmp-as-tmpfs-by-default.patch and
+ PrivateTmp-shouldn-t-require-tmpfs.patch, not necessary any more.
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 11 Jun 2015 09:25:49 +0200
+
+systemd (220-5) unstable; urgency=medium
+
+ * debian/README.source: Upstream repository moved to github, adjust
+ cherry-picking instructions accordingly.
+ * debian/control: Replace obsolete Python2 version header with
+ X-Python3-Version.
+ * dracut: Fix path to systemd-fsck. (Closes: #787553)
+ * Ignore test failures during build if /etc/machine-id is missing (which is
+ the case in a few buildd chroots still). (Closes: #787258)
+ * debian/udev.README.Debian: Move network interface hotplug documentation
+ into separate section. Point out that "lo" does not need to be configured
+ in ifupdown under systemd.
+ * debian/udev.README.Debian: Document net.ifnames, and how to write udev
+ rules for custom network names.
+ * Add debian/extra/01-mac-for-usb.link: Use MAC based names for network
+ interfaces which are (directly or indirectly) on USB. Path based names
+ are inadequate for dynamic buses like USB.
+ * Fix another escape parsing regression in Exec*= lines. (Closes: #787256)
+ * Disable EFI support for udeb build.
+ * Refine detection of touch screen devices.
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 07 Jun 2015 16:52:33 +0200
+
+systemd (220-4) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/extra/initramfs-tools/scripts/init-top/udev: Drop $ROOTDELAY wait.
+ This does not concern udev in particular, but is handled by
+ initramfs-tools itself (scripts/local). The intention of this parameter is
+ not to statically wait for the given time, but wait *up to* that time for
+ the root device to appear.
+ * Add debian/extra/units/rc-local.service.d/wait-online.conf: Make
+ rc-local.service wait for network-online.target (if it gets started). This
+ not specified by LSB, but has been behaving that way in Debian under SysV
+ init and upstart. (LP: #1451797)
+ * Fix parsing of escape characters in Exec*= lines. (Closes: #787256)
+ * Drop path_is_mount_point-handle-false-positive-on-some-fs.patch (it was
+ already not applied in 220-1). This needs to be re-thought and re-done
+ against the current code, and overlayfs in general. On overlayfs this
+ still reports false positives for files that changed in the upperdir, but
+ this does not break systemd-machine-id-commit any more.
+ * Add debian/extra/rules/80-debian-compat.rules, replacing three of our
+ patches. These are independent udev rules to change device permissions and
+ add CD/DVD symlinks for compatibility with earlier Debian releases.
+
+ [ Michael Biebl ]
+ * Bump Depends on util-linux to make sure we have a sulogin implementation
+ which properly cleans up its children when emergency.service is restarted.
+ (Closes: #784238)
+ * Stop using /sbin/udevd and drop the compat symlink.
+ * Remove any vestiges of /dev/.udev/. This directory has been replaced by
+ /run/udev/ since wheezy.
+ * Drop udev migration code from pre-wheezy.
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 02 Jun 2015 08:16:36 +0200
+
+systemd (220-3) unstable; urgency=medium
+
+ * Fix ProtectSystem=yes to actually protect /usr, not /home.
+ (Closes: #787343)
+ * sd-device: fix device_get_properties_strv(). Fixes environment for
+ processes spawned by udev, in particular "allow-hoplug" ifupdown
+ interfaces via ifup@.service. (Closes: #787263)
+ * Ignore test failures on mipsel; the three failures are not reproducible on
+ the porter box (different kernel?). (See #787258)
+ * Add ifupdown-hotplug autopkgtest. Reproduces #787263.
+ * udev: Bring back persistent storage symlinks for bcache. Thanks David
+ Mohr! (Closes: #787367)
+ * sd-device: Fix invalid property strv pointers. This unbreaks the
+ environment of udev callouts.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 01 Jun 2015 12:58:20 +0200
+
+systemd (220-2) unstable; urgency=low
+
+ * 220-1 was meant to go to experimental, but was accidentally uploaded to
+ unstable. This was planned for next week anyway, just not on a Friday;
+ we don't revert, but keep an RC bug open for a few days to get broader
+ testing. Reupload 220-1 with its changelog actually pointing to unstable
+ and with all versions in the .changes.
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 29 May 2015 18:54:09 +0200
+
+systemd (220-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release:
+ - Ship sdio.ids and ids-update.pl in upstream tarball. (Closes: #780650)
+ - Drop non-working "journalctl /dev/sda" example from manpage
+ (Closes: #781604)
+ - man systemd.network: Explain UseDomains a bit more (not used by
+ default). (Closes: #766413)
+ - Ignore comments in /etc/hostname (LP: #1053048)
+ - Drop all backported patches and port the others to new upstream release.
+ * Cherry-pick patch to fix udevd --daemon assertion regression.
+ * Cherry-pick patch to fix udevd worker hang.
+ * systemd.install: systemd.pc moved back into /usr/share/pkgconfig/.
+ * libsystemd0.symbols: Add new symbols from this release.
+ * Drop debian/extra/60-keyboard.hwdb for now. Upstream has a newer version,
+ and it's not nearly as often updated any more as it used to be.
+ * debian/rules: Remove shipped audit_type-to-name.h and
+ keyboard-keys-from-name.gperf and regenerate them during build (bug in
+ upstream 220 tarball).
+ * autopkgtest: Ship/use mock fsck from debian/tests, as it's missing in the
+ 220 tarball.
+ * Add libnss-mymachines binary package. (Closes: #784858)
+ * Add libnss-myhostname binary package, taking over from the very old and
+ unmaintained standalone source package as per its maintainer's request.
+ (Closes: #760514)
+ * Drop buildsys-Don-t-default-to-gold-as-the-linker.patch and set LD in
+ debian/rules on sparc only. This can be dropped entirely once we build
+ GUdev from a separate source.
+ * bootchart autopkgtest: Skip test if /proc/schedstat does not exist, i. e.
+ the kernel is missing CONFIG_SCHEDSTAT. Bootchart requires this.
+ * systemd-fsckd autopkgtest: On Debian plymouth-start stays running, adjust
+ was_running() for that.
+ * systemd-fsckd autopkgtest: In test_systemd_fsck_with_plymouth_failure(),
+ fix plymouthd status check to work under both Debian and Ubuntu.
+ * Replace almost all of Fix-paths-in-man-pages.patch with upstreamed
+ patches. (The remainder is planned to get fixed upstream as well.)
+ * Remove our update-rc.d patches, replace them with upstream patches for
+ /lib/systemd/systemd-sysv-install abstraction, and provide one for
+ update-rc.d. Also implement "is-enabled" command by directly checking for
+ the presence of rcS or rc5 symlinks. (Closes: #760616)
+ * Fix path_is_mount_point for files (regression in 220).
+ * debian/control: Drop obsolete XS-Testsuite:, dpkg adds it automatically.
+ * Use Ubuntu's default NTP server for timesyncd when building on Ubuntu.
+
+ [ Michael Biebl ]
+ * Remove /var/run and /var/lock migration code from debian-fixup. The /run
+ migration was completed in wheezy so this is no longer necessary.
+ * Drop our versioned Depends on initscripts. This was initially added for
+ the /run migration and later to ensure we have a mountnfs hook which
+ doesn't cause a deadlock under systemd. The /run migration was completed
+ in wheezy and jessie ships a fixed mountnfs hook. In addition we now use
+ the ignore-dependencies job mode in our lsb init-functions hook, so it's
+ safe to drop this dependency.
+ * Stop building gudev packages. Upstream has moved the gudev code into a
+ separate repository which is now managed on gnome.org. The gudev packages
+ will be built from src:libgudev from now on. See also
+ http://lists.freedesktop.org/archives/systemd-devel/2015-May/032070.html
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 29 May 2015 10:37:40 +0200
+
+systemd (219-10) experimental; urgency=medium
+
+ * Fix assertion crash with empty Exec*= paths. (LP: #1454173)
+ * Drop Avoid-reload-and-re-start-requests-during-early-boot.patch
+ and Avoid-reloading-services-when-shutting-down.patch: This was fixed more
+ robustly in invoke-rc.d and service now, see #777113.
+ * debian/tests/boot-smoke: Allow 10 seconds for systemd jobs to settle down.
+ * Fix "tentative" state of devices which are not in /dev (mostly in
+ containers), and avoid overzealous cleanup unmounting of mounts from them.
+ (LP: #1444402)
+ * debian/extra/udev-helpers/net.agent: Eliminate cat and most grep calls.
+ * Drop Set-default-polling-interval-on-removable-devices-as.patch; it's long
+ obsolete, CD ejection with the hardware button works properly without it.
+ * Re-enable-journal-forwarding-to-syslog.patch: Update patch description,
+ journal.conf.d/ exists now.
+ * journal: Gracefully handle failure to bind to audit socket, which is known
+ to fail in namespaces (containers) with current kernels. Also
+ conditionalize systemd-journald-audit.socket on CAP_AUDIT_READ.
+ (LP: #1457054)
+ * Put back *.agent scripts and use net.agent in Ubuntu. This fixes escaping
+ of unit names, reduces the delta, and will make it easier to get a common
+ solution for integrating ifup.d/ scripts with networkd.
+ * When booting with "quiet", run the initramfs' udevd with "notice" log
+ level. (LP: #1432171)
+ * Add sigpwr-container-shutdown.service: Power off when receiving SIGPWR in
+ a container. This makes lxc-stop work for systemd containers.
+ (LP: #1457321)
+ * write_net_rules: Escape '{' and '}' characters as well, to make this work
+ with busybox grep. Thanks Faidon Liambotis! (Closes: #765577)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 21 May 2015 09:43:52 +0200
+
+systemd (219-9) experimental; urgency=medium
+
+ * 75-persistent-net-generator.rules: Fix rules for ibmveth (it's a driver,
+ not a subsystem). (LP: #1437375)
+ * debian/tests/unit-config: Add tests for systemctl enable/disable on a
+ SysV-only unit. Reproduces LP #1447807.
+ * Fix systemctl enable for SysV scripts without a native unit. We must not
+ try and enable the nonexisting unit then. (LP: #1447807)
+ * Drop Add-env-variable-for-machine-ID-path.patch. systemd should always
+ be installed via the essential "init" in buildd schroots now.
+ * debian/README.source: Update git-buildpackage commands for the renames in
+ 0.6.24.
+ * Make apparmor run before networking, to ensure that profiles apply to
+ e. g. dhclient (LP: #1438249):
+ - Rename networking.service.d/network-pre.conf to systemd.conf, and add
+ After=apparmor.service.
+ - ifup@.service: Add After=apparmor.service.
+ - Add Breaks: on apparmor << 2.9.2-1, which dropped its dependency to
+ $remote_fs.
+ * Drop login-don-t-overmount-run-user-UID-on-upgrades.patch and
+ login-don-t-overmount-run-user-UID-on-upgrades.patch, these were only
+ needed for upgrades from wheezy to jessie.
+ * systemd.{pre,post}inst: Clean up obsolete (pre-wheezy/jessie) upgrade
+ fixes.
+ * systemd-fsckd autopkgtest: Stop assuming that
+ /etc/default/grub.d/90-autopkgtest.cfg exists.
+ * systemd-fsckd autopkgtest: Add missing plymouth test dependency.
+ * Drop core-mount-ensure-that-we-parse-proc-self-mountinfo.patch, and bump
+ util-linux dependency to the version which enables
+ --enable-libmount-force-mountinfo.
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 13 May 2015 12:27:21 +0200
+
+systemd (219-8) experimental; urgency=medium
+
+ [ Michael Biebl ]
+ * Skip filesystem check if already done by the initramfs. (Closes: #782522)
+ * Drop hard-coded versioned dependency on libapparmor1. Bump the
+ Build-Depends on libapparmor-dev instead. This ensures a proper versioned
+ dependency via Build-Depends-Package.
+ * Revert "Make apparmor run before networking". This causes dependency
+ cycles while apparmor still depends on $remote_fs.
+ * Cleanup hwclock-save.service symlinks when upgrading from the jessie
+ version.
+
+ [ Martin Pitt ]
+ * cryptsetup: Implement offset and skip options. (Closes: #751707,
+ LP: #953875)
+ * logind autopkgtest: Add test for suspending on lid switch close.
+ This reproduces LP #1444166 (lid switch not working in the first few
+ minutes after boot).
+ * Reduce the initial suspend supression time from 3 minutes to 30 seconds,
+ and make it configurable. (LP: #1444166)
+ * Fix double free crash in "systemctl enable" when calling update-rc.d and
+ the latter fails. (Closes: #764613, LP: #1426588)
+ * hwdb: Fix wireless switch on Dell Latitude (LP: #1441849)
+ * Fix assertion crash when reading a service file with missing ' and
+ trailing space. (LP: #1447243)
+ * ifup@.service: Set IgnoreOnIsolate, so that "systemctl default" does not
+ shut down network interfaces. (Closes: #762953, LP: #1449380).
+ Add PartOf=network.target, so that stopping network.target also stops
+ network interfaces (so that isolating emergency.target and similar work as
+ before).
+ * Revert upstream commit 743970d which immediately SIGKILLs units during
+ shutdown. This leads to problems like bash not being able to write its
+ history, mosh not saving its state, and similar failed cleanup actions.
+ (Closes: #784720, LP: #1448259)
+ * Drop the reversion of "journald: allow restarting journald without losing
+ stream connections", and replace with proper upstream fix for
+ sd_pid_notify_with_fds(). (See Debian #778970, LP #1423811; LP: #1437896)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 29 Apr 2015 17:13:41 +0200
+
+systemd (219-7) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * Make systemd-sysv's dependency to systemd unversioned. The package just
+ contains 6 symlinks and thus isn't sensitive at all against version
+ mismatches. This avoids running into circular dependencies when testing
+ local debs.
+ * Revert "udev: Drop hwdb-update dependency" and replace with upstream patch
+ which moves it to systemd-udev-trigger.service.
+ * display-managers autopkgtest: Properly wait until all jobs are finished.
+ * display-managers autopkgtest: Reset failed units between tests, to avoid
+ running into restart limits and for better test isolation.
+ * Enable timesyncd in virtual machines. (Closes: #762343)
+
+ [ Adam Conrad ]
+ * debian/systemd.{triggers,postinst}: Trigger a systemctl daemon-reload
+ when init scripts are installed or removed (Closes: #766429)
+
+ [ Didier Roche ]
+ * Squash all fsckd patches in one (as fsckd and such will be removed
+ soon upstream), containing various fixes from upstream git and refactor
+ the connection flow to upstream's suggestion. Modify the man pages to match
+ those modifications as well. Amongst others, this suppresses "Couldn't
+ connect to plymouth" errors if plymouth is not running.
+ (Closes: #782265, LP: #1429171)
+ * Keep plymouth localized messages in a separate patch for easier updates in
+ the future and refresh to latest upstream.
+ * display-managers autopkgtest: Use ExecStart=sleep instead of the actual
+ lightdm binary, to avoid errors from lightdm startup. Drop the now
+ unnecessary "needs-recommends" to speed up the test.
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 10 Apr 2015 11:08:33 +0200
+
+systemd (219-6) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * Import patches from v219-stable branch (up to 85a6fab).
+ * boot-and-services autopkgtest: Add missing python3 test dependency.
+ * Make apparmor run before networking, to ensure that profiles apply to
+ e. g. dhclient (LP: #1438249):
+ - Rename networking.service.d/network-pre.conf to systemd.conf, and add
+ After=apparmor.service.
+ - ifup@.service: Add After=apparmor.service.
+ * udev: Drop hwdb-update dependency, which got introduced by the above
+ v219-stable branch. This causes udev and plymouth to start too late and
+ isn't really needed in Debian yet as we don't support stateless systems
+ yet and handle hwdb.bin updates through dpkg triggers. (LP: #1439301)
+
+ [ Didier Roche ]
+ * Fix mount point detection on overlayfs and similar file systems without
+ name_to_handle_at() and st_dev support. (LP: #1411140)
+
+ [ Christian Seiler ]
+ * Make the journald to syslog forwarding more robust by increasing the
+ maximum datagram queue length from 10 to 512. (Closes: #762700)
+
+ [ Marco d'Itri ]
+ * Avoid writing duplicate entries in 70-persistent-net.rules by double
+ checking if the new udev rule has already been written for the given
+ interface. This happens if multiple add events are generated before the
+ write_net_rules script returns and udevd renames the interface.
+ (Closes: #765577)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 02 Apr 2015 09:14:48 +0200
+
+systemd (219-5) experimental; urgency=medium
+
+ [ Didier Roche ]
+ * Add "systemd-fsckd" autopkgtest. (LP: #1427312)
+ * cmdline-upstart-boot autopkgtest: Update to Ubuntu's upstart-sysv split
+ (test gets skipped on Debian while upstart-sysv does not yet exist there).
+ * Cherry-pick a couple of upstream commits for adding transient state,
+ fixing a race where mounts become available before the device being
+ available.
+ * Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather adds
+ an After relationship. (Closes: #779902)
+
+ [ Martin Pitt ]
+ * journald: Suppress expected cases of "Failed to set file attributes"
+ errors. (LP: #1427899)
+ * Add systemd-sysv.postinst: Update grub on first installation, so that the
+ alternative init system boot entries get updated.
+ * debian/tests: Call /tmp/autopkgtest-reboot, to work with autopkgtest >=
+ 3.11.1.
+ * Check for correct architecture identifiers for SuperH. (Closes: #779710)
+ * Fix tmpfiles.d to only apply the first match again (regression in 219).
+ (LP: #1428540)
+ * /lib/lsb/init-functions.d/40-systemd: Don't ignore systemd unit
+ dependencies in "degraded" mode. (LP: #1429734)
+
+ [ Michael Biebl ]
+ * debian/udev.init: Recognize '!' flag with static device lists, to work
+ with kmod 20. (Closes: #780263)
+
+ [ Craig Magina ]
+ * rules-ubuntu/71-power-switch-proliant.rules: Add support for HP ProLiant
+ m400 Server Cartridge soft powerdown on Linux 3.16. (LP: #1428811)
+
+ [ Scott Wakeling ]
+ * Rework package description to be more accurate. (Closes: #740372)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 26 Mar 2015 16:31:04 +0100
+
+systemd (219-4) experimental; urgency=medium
+
+ * tmpfiles: Avoid creating duplicate ACL entries. Add postinst code to clean
+ them up on upgrade. (Closes: #778656)
+ * bootchart: Fix path to default init. (LP: #1423867)
+ * Add "bootchart" autopkgtest, to spot regressions like the above.
+ * autopkgtests: Factorize out "assert.sh" utility functions, and use them in
+ the tests for useful failure messages.
+ * Downgrade requirement for timedated, hostnamed, localed-locale, and
+ logind autopkgtests from machine to container isolation.
+ * boot-and-services and display-manager autopkgtest: Add systemd-sysv as
+ proper test dependency instead of apt-get installing it. This works now
+ also under Ubuntu 15.04.
+ * boot-and-services autopkgtest: Check cleanup of temporary files during
+ boot. Reproduces #779169.
+ * Clean up /tmp/ directory again. (Closes: #779169, LP: #1424992)
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 27 Feb 2015 07:02:09 +0100
+
+systemd (219-3) experimental; urgency=medium
+
+ * sysv-generator: fix wrong "Overwriting existing symlink" warnings.
+ (Closes: #778700)
+ * Add systemd-fsckd multiplexer and feed its output to plymouth. This
+ provides an aggregate progress report of running file system checks and
+ also allows cancelling them with ^C, in both text mode and Plymouth.
+ (Closes: #775093, #758902; LP: #1316796)
+ * Revert "journald: allow restarting journald without losing stream
+ connections". This was a new feature in 219, but currently causes boot
+ failures due to logind and other services not starting up properly.
+ (Closes: #778970; LP: #1423811)
+ * Add "boot-smoke" autopkgtest: Test 20 successful reboots in a row, and
+ that there are no connection timeouts or stalled jobs. This reproduces the
+ above regression.
+ * debian/tests/localed-locale: Set up locale and keyboard default files on a
+ minimal unconfigured testbed.
+ * Add missing python3 test dependency to cmdline-upstart-boot and
+ display-managers autopkgtests.
+ * debian/tests/boot-and-services: Skip AppArmor test if AppArmor is not
+ enabled.
+ * debian/tests/boot-and-services: Reboot also if lightdm was just installed
+ but isn't running yet.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 23 Feb 2015 09:52:12 +0100
+
+systemd (219-2) experimental; urgency=medium
+
+ * Fix UTF-16 to UTF-8 conversion on big-endian machines. (Closes: #778654)
+ * Disable new new test-sigbus, it fails on some buildds due to too old
+ kernels. (part of #778654)
+ * debian/README.Debian, debian/systemd.postinst: Drop setfacl call for
+ /var/log/journal, this is now done automatically by tmpfiles.d/systemd.conf.
+ * Drop "acl" dependency, not necessary any more with the above.
+ * debian/tests/boot-and-services: Move to using /var/lib/machines/,
+ /var/lib/containers is deprecated.
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 18 Feb 2015 15:29:42 +0100
+
+systemd (219-1) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release:
+ - Fix spelling mistake in systemd.unit(5). (Closes: #773302)
+ - Fix timeouts with D-Bus, leading to SIGFPE. (Closes: #774012)
+ - Fix load/save of multiple rfkill states. (Closes: #759489)
+ - Non-persistent journal (/run/log/journal) is now readable by group adm.
+ (Closes: #771980)
+ - Read netdev user mount option to correctly order network mounts after
+ network.target. (Closes: #769186)
+ - Fix 60-keyboard.hwdb documentation and whitespace handling.
+ (Closes: #757367)
+ - Fix ThinkPad X1 Carbon 20BT trackpad buttons (LP: #1414930)
+ - Drop all backported patches and port the others to new upstream release.
+ * Bump libblkid-dev build dependency as per upstream configure.ac.
+ * debian/systemd.install: Add new language-fallback-map file.
+ * debian/udev.install: Add new systemd-hwdb tool.
+ * debian/libsystemd0.symbols: Add new symbols from this release.
+ * tmpfiles.d/systemd.conf: Drop "wheel" ACL (that group does not exist in
+ Debian) to make the ACL for "adm" actually work.
+ * debian/rules: Explicitly disable importd for now; it should still mature a
+ bit. Explicitly enable hwdb support.
+ * /lib/lsb/init-functions.d/40-systemd: Call systemctl is-system-running
+ with --quiet. (LP: #1421058)
+ * debian/systemd.postrm: Clean getty@tty1.service and remote-fs.target
+ enablement symlinks on purge. (Closes: #778499)
+ * Move all Debian specific units in the systemd package into
+ debian/extra/units/ and simplify debian/systemd.install.
+ * Enable timesyncd by default. Add a config drop-in to not start if ntp,
+ openntpd, or chrony is installed. (Closes: #755722)
+ * debian/systemd.links: Drop obsolete hwclockfirst.service mask link, this
+ was dropped in wheezy's util-linux already.
+ * debian/udev.postinst: Call systemd-hwdb instead of udevadm hwdb.
+
+ [ Michael Biebl ]
+ * Stop removing firstboot man pages. They are now installed conditionally.
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 17 Feb 2015 15:51:38 +0100
+
+systemd (218-10) experimental; urgency=medium
+
+ * Pull latest keymaps from upstream git. (LP: #1334968, #1409721)
+ * rules: Fix by-path of mmc RPMB partitions and don't blkid them. Avoids
+ kernel buffer I/O errors and timeouts. (LP: #1333140)
+ * Clean up stale mounts when ejecting CD drives with the hardware eject
+ button. (LP: #1168742)
+ * Document systemctl --failed option. (Closes: #767267)
+ * Quiesce confusing and irrelevant "failed to reset devices.list" warning.
+ (LP: #1413193)
+ * When booting with systemd-bootchart, default to run systemd rather than
+ /sbin/init (which might not be systemd). (LP: #1417059)
+ * boot-and-services autopkgtest: Add CgroupsTest to check cgroup
+ creation/cleanup behaviour. This reproduces #777601 and verifies the fix
+ for it.
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 13 Feb 2015 12:25:06 +0100
+
+systemd (218-9) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/logind: With dropped systemd-logind-launch we don't have a
+ visible /sys/fs/cgroup/systemd/ any more under cgmanager. So adjust the
+ test to check /proc/self/cgroup instead.
+ * Add unit-config autopkgtest to check systemd unit/sysv init enabling and
+ disabling via systemctl. This also reproduces #777613.
+ * systemctl: Always install/enable/disable native units, even if there is a
+ corresponding SysV script and we call update-rc.d; while the latter
+ handles WantedBy=, it does not handle Alias=. (Closes: #777613)
+ * cgroup: Don't trim cgroup trees created by someone else, just the ones
+ that systemd itself created. This avoids cleaning up empty cgroups from
+ e.g. LXC. (Closes: #777601)
+ * Don't parse /etc/mtab for current mounts, but /proc/self/mountinfo. If the
+ former is a file, it's most likely outdated on boot, leading to race
+ conditions and unmounts during boot. (LP: #1419623)
+
+ [ Michael Biebl ]
+ * Explicitly disable the features we don't want to build for those with
+ autodetection. This ensures reliable build results in dirty build
+ environments.
+ * Disable AppArmor support in the udeb build.
+ * core: Don't fail to run services in --user instances if $HOME is missing.
+ (Closes: #759320)
+
+ [ Didier Roche ]
+ * default-display-manager-generator: Avoid unnecessary /dev/null symlink and
+ warning if there is no display-manager.service unit.
+
+ -- Michael Biebl <biebl@debian.org> Thu, 12 Feb 2015 18:45:12 +0100
+
+systemd (218-8) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * boot-and-services autopkgtest: Ensure that there are no failed units,
+ except possibly systemd-modules-load.service (as that notoriously fails
+ with cruft in /etc/modules).
+ * Revert "input" system group creation in systemd.postinst from 218-7. It's
+ already done in udev.postinst.
+ * ifup@.service: Revert checking for existance of ifupdown config for that
+ interface, net.agent already does that.
+ * Drop Also-redirect-to-update-rc.d-when-not-using-.service.patch; not
+ necessary any more with the current version (mangle_names() already takes
+ care of this).
+ * Merge into Add-support-for-rcS.d-init-scripts-to-the-sysv-gener.patch:
+ - Do-not-order-rcS.d-services-after-local-fs.target-if.patch, as it
+ partially reverts the above, and is just fixing it.
+ - Map-rcS.d-init-script-dependencies-to-their-systemd-.patch as it's just
+ adding some missing functionality for the same purpose.
+ * Merge Run-update-rc.d-defaults-before-update-rc.d-enable-d.patch into
+ Make-systemctl-enable-disable-call-update-rc.d-for-s.patch as the former
+ is fixing the latter and is not an independent change.
+ * Drop Launch-logind-via-a-shell-wrapper.patch and systemd-logind-launch
+ wrapper. The only remaining thing that we need from it is to create
+ /run/systemd/, move that into the D-BUS service file directly.
+ * /lib/lsb/init-functions.d/40-systemd: Avoid deadlocks during bootup and
+ shutdown. DHCP/ifupdown and similar hooks which call "/etc/init.d/foo
+ reload" can easily cause deadlocks, since the synchronous wait plus
+ systemd's normal behaviour of transactionally processing all dependencies
+ first easily causes dependency loops. Thus during boot/shutdown operate
+ only on the unit and not on its dependencies, just like SysV behaves.
+ (Closes: #777115, LP: #1417010)
+ * Only start logind if dbus is installed. This fixes the noisy startup
+ failure in environments without dbus, such as LXC containers or servers.
+ (part of #772700)
+ * Add getty-static.service unit which starts getty@.service on tty 2 to 6 if
+ dbus is not installed, and hence logind cannot auto-start them on demand.
+ (Closes: #772700)
+
+ [ Michael Biebl ]
+ * Update insserv-generator and map $x-display-manager to
+ display-manager.service, following the recent change in sysv-generator.
+ This avoids creating references to a no longer existing
+ x-display-manager.target unit.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 09 Feb 2015 18:07:22 +0100
+
+systemd (218-7) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * Don't attempt to mount the same swap partition twice through different
+ device node aliases. (Closes: #772182, LP: #1399595)
+ * logind: handle closing sessions over daemon restarts. (Closes: #759515,
+ LP: #1415104)
+ * logind: Fix sd_eviocrevoke ioctl call, to make forced input device release
+ after log out actually work.
+ * debian/rules: Drop obsolete --disable-multi-seat-x and
+ --with-firmware-path configure options.
+ * debian/udev.README.Debian: Trim the parts which are obsolete, wrong, or
+ described in manpages. Only keep the Debian specific bits.
+ (Part of #776546)
+ * Actually install udev's README.Debian when building for Debian.
+ (Closes: #776546)
+ * Create system group "input" which was introduced in 215. (LP: #1414409)
+ * ifup@.service: Don't fail if the interface is not configured in
+ /etc/network/interfaces at all. (LP: #1414426)
+
+ [ Michael Biebl ]
+ * Update Vcs-Browser URL to use cgit and https.
+ * Map $x-display-manager LSB facility to display-manager.service instead of
+ making it a target. Using a target had the downside that multiple display
+ managers could hook into it at the same time which could lead to several
+ failed start attempts for the non-default display manager.
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 01 Feb 2015 20:48:49 +0100
+
+systemd (218-6) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * initramfs hook: Install 61-persistent-storage-android.rules if it exists.
+ * Generate POT file during package build, for translators.
+ * Pull latest keymaps from upstream git.
+ * Order ifup@.service and networking.service after network-pre.target.
+ (Closes: #766938)
+ * Tone down "Network interface NamePolicy= disabled on kernel commandline,
+ ignoring" info message to debug, as we expect this while we disable
+ net.ifnames by default. (Closes: #762101, LP: #1411992)
+
+ [ Michael Biebl ]
+ * Ship bash-completion for udevadm. (Closes: #776166)
+ * Drop rc-local generator in favor of statically enabling rc-local.service,
+ and drop halt-local.service which is unnecessary on Debian.
+ (Closes: #776170)
+ * Drop the obsolete libsystemd-* libraries, there are no reverse
+ dependencies left.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 26 Jan 2015 15:45:45 +0100
+
+systemd (218-5) experimental; urgency=medium
+
+ * Drop logger.agent. It hasn't been called from any udev rule for a long
+ time, and looks obsolete.
+ * debian/rules: Configure with --disable-firstboot to replace some manual
+ file removals.
+ * debian/rules: Remove manual file installation, move them to
+ debian/*.install. Move all Debian specific installed files to
+ debian/extra/.
+ * Merge some changes from the Ubuntu package to reduce the delta; these only
+ apply when building on/for Ubuntu:
+ - Add 40-hyperv-hotadd.rules: Workaround for LP: #1233466.
+ - Add 61-persistent-storage-android.rules to create persistent symlinks
+ for partitions with PARTNAME. By Ricardo Salveti.
+ - Add 71-power-switch-proliant.rules for supporting the power switches of
+ ProLiant Server Cartridges. By Dann Frazier.
+ - Add 78-graphics-card.rules: Mark KMS capable graphics devices as
+ PRIMARY_DEVICE_FOR_DISPLAY so that we can wait for those in plymouth.
+ By Scott James Remnant.
+ - Don't install the Debian *.agent scripts. Instead, have Ubuntu's
+ 80-networking.rules directly pull in ifup@.service, which is much easier
+ and more efficient.
+ * Make EPERM/EACCESS when applying OOM adjustment for forked processes
+ non-fatal. This happens in user namespaces like unprivileged LXC
+ containers.
+ * Fix assertion failure due to /dev/urandom being unmounted when shutting
+ down unprivileged containers. Thanks Stéphane Graber.
+ * Enable EFI support. This mostly auto-mounts /sys/firmware/efi/efivars, but
+ also provides a generator for auto-detecting the root and the /boot/efi
+ partition if they aren't in /etc/fstab. (Closes: #773533)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 22 Jan 2015 16:13:46 +0100
+
+systemd (218-4) experimental; urgency=medium
+
+ [ Michael Biebl ]
+ * sysv-generator: handle Provides: for non-virtual facility names.
+ (Closes: #774335)
+ * Fix systemd-remount-fs.service to not fail on remounting /usr if /usr
+ isn't mounted yet. This happens with initramfs-tools < 0.118 which we
+ might not get into Jessie any more. (Closes: #742048)
+
+ [ Martin Pitt ]
+ * fstab-generator: Handle mountall's non-standard "nobootwait" and
+ "optional" options. ("bootwait" is already the systemd default behaviour,
+ and "showthrough" is irrelevant here, so both can be ignored).
+ * Add autopkgtest for one-time boot with upstart when systemd-sysv is
+ installed. This test only works under Ubuntu which has a split out
+ upstart-bin package, and will be skipped under Debian.
+ * debian/ifup@.service: Check if ifup succeeds by calling ifquery, to
+ work around ifup not failing on invalid interfaces (see #773539)
+ * debian/ifup@.service: Set proper service type (oneshot).
+ * sysv-generator: Handle .sh suffixes when translating Provides:.
+ (Closes: #775889)
+ * sysv-generator: Make real units overwrite symlinks generated by Provides:
+ from other units. Fixes failures due to presence of backup or old init.d
+ scripts. (Closes: #775404)
+ * Fix journal forwarding to syslog in containers without CAP_SYS_ADMIN.
+ (Closes: #775067)
+ * Re-enable AppArmor support, now that libapparmor1 moved to /lib. Add
+ versioned dependency as long as this is still only in experimental.
+ (Closes: #775331)
+ * Add some missing dpkg and ucf temp files to the "hidden file" filter, to
+ e. g. avoid creating units for them through the sysv-generator.
+ (Closes: #775903)
+ * Silence useless warning about /etc/localtime not being a symlink. This is
+ deliberate in Debian with /usr (possibly) being on a separate partition.
+ (LP: #1409594)
+
+ [ Christian Kastner ]
+ * Use common-session-noninteractive in systemd-user's PAM config, instead of
+ common-session. The latter can include PAM modules like libpam-mount which
+ expect to be called just once and/or interactively, which already happens
+ for login, ssh, or the display-manager. Add pam_systemd.so explicitly, as
+ it's not included in -noninteractive, but is always required (and
+ idempotent). There is no net change on systemd which don't use manually
+ installed PAM modules. (Closes: #739676)
+
+ [ Michael Biebl ]
+ * Make sure we run debian-fixup.service after /var has been mounted if /var
+ is on a separate partition. Otherwise we might end up creating the
+ /var/lock and /var/run symlink in the underlying root filesystem.
+ (Closes: #768644)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 21 Jan 2015 15:57:50 +0100
+
+systemd (218-3) experimental; urgency=medium
+
+ * build-logind autopkgtest: Re-enforce that sd_login_monitor_new() succeeds,
+ and restrict this test to isolation-container. (Reproduces LP #1400203)
+ * Bring back patch to make sd_login_monitor_new() work under other init
+ systems where /sys/fs/cgroup/systemd/machine does not exist.
+ (LP: #1400203)
+ * build-login autopkgtest: Build against libsystemd, not libsystemd-login
+ any more.
+ * Add debian/extra/systemd-vconsole-setup.service dependency shim for
+ the console-setup init script, to avoid breaking dependencies of
+ third-party packages. Install it for Ubuntu only for now, as in Debian
+ plymouth's unit got adjusted. (LP: #1392970, Debian #755194)
+ * Mark systemd{,-sysv} as M-A: foreign (thanks lintian).
+ * Quiesce maintainer-script-calls-systemctl lintian warning.
+ * Quiesce possibly-insecure-handling-of-tmp-files lintian warning, it's
+ wrong there (we are handling tmpfiles.d/ files which are not in a temp
+ dir).
+ * Use dh_installinit's --noscript instead of --no-start for the upstart
+ jobs without sysvinit scripts (thanks lintian).
+ * Put systemd.pc into arch specific pkgconfig dir, as it contains the arch
+ specific libdir value.
+ * Don't enable audit by default. It causes flooding of dmesg and syslog,
+ suppressing actually important messages. (Closes: #773528)
+ * Cherrypick various bug fixes in loopback device setup and netlink socket
+ communication. Fixes massive CPU usage due to tight retry loops in user
+ LXC containers.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 29 Dec 2014 14:55:35 +0100
+
+systemd (218-2) experimental; urgency=medium
+
+ * boot-and-services AppArmor autopkgtest: Stop checking the dmesg log; it is
+ racy as sometimes message bursts are suppressed.
+ * Fix crash in timedatectl with Etc/UTC.
+ * Prefer-etc-X11-default-display-manager-if-present.patch: Drop wrong
+ copy&paste'd comment, fix log strings. Thanks Adam D. Barratt.
+ * boot-and-services: Robustify Nspawn tests, and show systemd-nspawn output
+ on failure.
+ * Disable tests which fail on buildds, presumably due to too old kernels,
+ misconfigured /etc/hosts, and similar problems. Make failures of the test
+ suite fatal now.
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 16 Dec 2014 08:24:38 +0100
+
+systemd (218-1) experimental; urgency=medium
+
+ * New upstream release. Drop all cherry-picked patches and port the Debian
+ specific ones.
+ - Create /etc/machine-id on boot if missing. (LP: #1387090)
+ * Add new libmount-dev build dependency.
+ * Configure with --enable-split-usr.
+ * Merge some permanent Ubuntu changes, using dpkg-vendor:
+ - Don't symlink udev doc directories.
+ - Add epoch to gudev packages; Ubuntu packaged the standalone gudev before
+ it got merged into udev.
+ - Add Apport hooks for udev and systemd.
+ * udev-fallback-graphics upstart job: Guard the modprobe with || true to
+ avoid a failure when vesafb is compiled in. (LP: #1367241)
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 14 Dec 2014 13:58:39 +0100
+
+systemd (217-4) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * Reinstate a debian/extra/rules/50-firmware.rules which immediately tells
+ the kernel that userspace firmware loading failed. Otherwise it tries for a
+ minute to call the userspace helper (if CONFIG_FW_LOADER_USER_HELPER is
+ enabled) in vain, which causes long delays with devices which have a range
+ of possible firmware versions. (LP: #1398458)
+ * debian/systemd.postinst: Don't always restart journald, as this currently
+ can't be done without losing the current journal and breaking attached
+ processes. So only restart it from upgrades < 215-3 (where the socket
+ location got moved) as an one-time upgrade path from wheezy.
+ (Closes: #771122)
+ * Revert "Modify insserv generator to mask sysvinit-only display managers".
+ This is still under dispute, a bit risky, and might get a different
+ implementation. Also, nodm really needs to be fixed properly, working
+ around it is both too risky and also too hard to get right.
+
+ [ Didier Roche ]
+ * Add display managers autopkgtests.
+ * Reset display-manager symlink to match /e/X/d-d-m even if
+ display-manager.service was removed. Adapt the autopkgtests for it.
+ (LP: #1400680)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 11 Dec 2014 18:06:54 +0200
+
+systemd (217-3) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * systemd.bug-script: Really capture stderr of systemd-delta.
+ (Closes: #771498)
+ * boot-and-services autopkgtest: Give test apparmor job some time to
+ actually finish.
+
+ [ Didier Roche ]
+ * updated debian/patches/insserv.conf-generator.patch:
+ - if /etc/X11/default-display-manager doesn't match a systemd unit
+ (or doesn't exist), be less agressive about what to mask: we let
+ all sysvinit-only display-manager units enabled to fallback to previous
+ behavior and let them starting. (Closes: #771739)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 02 Dec 2014 16:53:36 +0100
+
+systemd (217-2) experimental; urgency=medium
+
+ * Re-enable journal forwarding to syslog, until Debian's sysloggers
+ can/do all read from the journal directly.
+ * Fix hostnamectl exit code on success.
+ * Fix "diff failed with error code 1" spew with systemd-delta.
+ (Closes: #771397)
+ * Re-enable systemd-resolved. This wasn't meant to break the entire
+ networkd, just disable the new NSS module. Remove that one manually
+ instead. (Closes: #771423, LP: #1397361)
+ * Import v217-stable patches (up to commit bfb4c47 from 2014-11-07).
+ * Disable AppArmor again. This first requires moving libapparmor to /lib
+ (see #771667). (Closes: #771652)
+ * systemd.bug-script: Capture stderr of systemd-{delta,analyze}.
+ (Closes: #771498)
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 01 Dec 2014 15:09:09 +0100
+
+systemd (217-1) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release. Drop all cherry-picked patches and port the Debian
+ specific ones.
+ * Disable systemd-resolved for now. It still needs to mature, and
+ integration into Debian should be discussed first.
+ * Bump util-linux dependency to >= 2.25 as per NEWS.
+ * Drop installation of 50-firmware.rules, not shipped upstream any more.
+ Firmware loading is now exclusively done by the kernel.
+ * Drop installation of readahead related services and code, readahead got
+ dropped in this version.
+ * Ship new networkctl CLI tool.
+ * debian/libsystemd0.symbols: Add new symbols from this release.
+ * debian/rules: Call dpkg-gensymbols with -c4 to immediately spot
+ changed/missing symbols during build.
+ * boot-and-services autopkgtest: Test AppArmor confined units (LP #1396270)
+ * Create new "systemd-journal-remote" system group, for
+ systemd-tmpfiles-setup.service.
+
+ [ Marc Deslauriers ]
+ * Build-depend on libapparmor-dev to enable AppArmor support. (LP: #1396270)
+
+ [ Didier Roche ]
+ * Handle display-manager transitions: (Closes: #748668)
+ - Add a generator to ensure /etc/X11/default-display-manager is controlling
+ which display-manager is started.
+ - Modify insserv generator to mask of sysvinit-only dms with insserv
+ $x-display-manager tag if they don't match
+ /etc/X11/default-display-manager. This avoids starting multiple dms at
+ boot.
+ * Cherry-pick Shared-add-readlink_value.patch as using that function in the
+ generator.
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 28 Nov 2014 10:53:58 +0100
+
+systemd (215-18) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * manager: Pass correct errno to strerror(), have_ask_password contains
+ negative error values which have to be negated when being passed to
+ strerror().
+
+ [ Martin Pitt ]
+ * Revert upstream commit 743970d which immediately SIGKILLs units during
+ shutdown. This leads to problems like bash not being able to write its
+ history, mosh not saving its state, and similar failed cleanup actions.
+ (Closes: #784720, LP: #1448259)
+ * write_net_rules: Escape '{' and '}' characters as well, to make this work
+ with busybox grep. Thanks Faidon Liambotis! (Closes: #765577)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 21 May 2015 15:49:30 +0200
+
+systemd (215-17) unstable; urgency=high
+
+ * cryptsetup: Implement offset and skip options. (Closes: #751707,
+ LP: #953875)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 16 Apr 2015 10:26:46 -0500
+
+systemd (215-16) unstable; urgency=medium
+
+ [ Christian Seiler ]
+ * Don't run hwclock-save.service in containers. (Closes: #782377)
+
+ [ Michael Biebl ]
+ * Do not print anything while passwords are being queried. This should make
+ password prompts without plymouth more usable. (Closes: #765013)
+ * Skip filesystem check if already done by the initramfs. (Closes: #782522)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 13 Apr 2015 19:42:32 +0200
+
+systemd (215-15) unstable; urgency=medium
+
+ [ Adam Conrad ]
+ * debian/systemd.{triggers,postinst}: Trigger a systemctl daemon-reload
+ when init scripts are installed or removed (Closes: #766429)
+
+ [ Martin Pitt ]
+ * Fix getty restart loop when PTS device is gone. (Closes: #780711)
+ * Run timesyncd in virtual machines. (Closes: #762343)
+ * Make logind work in environments without CAP_SYS_ADMIN (mostly
+ containers). Thanks Christian Seiler for the backporting!
+ (Closes: #778608)
+ * Check for correct signatures when setting properties. Fixes systemd
+ getting stuck on trying to set invalid property types. (Closes: #781602)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 09 Apr 2015 10:12:37 +0200
+
+systemd (215-14) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Map $x-display-manager LSB facility to display-manager.service instead of
+ making it a target. Using a target had the downside that multiple display
+ managers could hook into it at the same time which could lead to several
+ failed start attempts for the non-default display manager.
+ * Update insserv-generator and map $x-display-manager to
+ display-manager.service, following the recent change in sysv-generator.
+ This avoids creating references to a no longer existing
+ x-display-manager.target unit.
+ * Cherry-pick upstream fix to increase the SendBuffer of /dev/log to 8M.
+
+ [ Martin Pitt ]
+ * scope: Make attachment of initial PIDs more robust. Fixes crash with
+ processes that get started by an init.d script with a different (aliased)
+ name when the cgroup becomes empty. (Closes: #781210)
+ * boot-and-services, display-managers autopkgtests: Add missing python3 test
+ dependency.
+ * Don't attempt to mount the same swap partition twice through different
+ device node aliases. (Closes: #772182, LP: #1399595)
+
+ [ Christian Seiler ]
+ * Make the journald to syslog forwarding more robust by increasing the
+ maximum datagram queue length from 10 to 512. (Closes: #762700)
+
+ [ Marco d'Itri ]
+ * Avoid writing duplicate entries in 70-persistent-net.rules by double
+ checking if the new udev rule has already been written for the given
+ interface. This happens if multiple add events are generated before the
+ write_net_rules script returns and udevd renames the interface.
+ (Closes: #765577)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 30 Mar 2015 13:26:52 +0200
+
+systemd (215-13) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Add hwclock-save.service to sync the system clock to the hardware clock on
+ shutdown, to provide monotonic time for reboots. (Note: this is a hack for
+ jessie; the next Debian release will enable timesyncd by default).
+ (Closes: #755722)
+ * Check for correct architecture identifiers for SuperH. (Closes: #779710)
+ * networkd: Fix stopping v4 dhcpclient when the carrier is lost. Thanks
+ Christos Trochalakis! (Closes: #779571)
+ * Fix segfault with units that depend on themselves. (Closes: #780675)
+ * tmpfiles-setup-dev: Call tmpfiles with --boot to allow unsafe device
+ creation. Fixes creation of static device nodes with kmod 20.
+ (Closes: #780263)
+
+ [ Christian Seiler ]
+ * core: Don't migrate PIDs for units that may contain subcgroups.
+ This stops messing up lxc/libvirt/other custom cgroup layouts after
+ daemon-reload. (Closes: #777164)
+ * sysv-generator: add support for /etc/insserv/overrides. (Closes: #759001)
+
+ [ Michael Biebl ]
+ * debian/udev.init: Recognize '!' flag with static device lists, to work
+ with kmod 20. (Closes: #780263)
+
+ [ Didier Roche ]
+ * Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather adds
+ an After relationship. (Closes: #779902)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 26 Mar 2015 14:23:35 +0100
+
+systemd (215-12) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/udev.README.Debian: Trim the parts which are obsolete, wrong, or
+ described in manpages. Only keep the Debian specific bits.
+ (Part of #776546)
+ * Actually install udev's README.Debian when building for Debian.
+ (Closes: #776546)
+ * Only start logind if dbus is installed. This fixes the noisy startup
+ failure in environments without dbus such as LXC containers or servers.
+ (part of #772700)
+ * Add getty-static.service unit which starts getty@.service on tty 2 to 6 if
+ dbus is not installed, and hence logind cannot auto-start them on demand.
+ (Closes: #772700)
+ * Add unit-config autopkgtest to check systemd unit/sysv init enabling and
+ disabling via systemctl. This avoids bugs like #777613 (did not affect
+ unstable).
+ * cgroup: Don't trim cgroup trees created by someone else, just the ones
+ that systemd itself created. This avoids cleaning up empty cgroups from
+ e.g. LXC. (Closes: #777601)
+ * boot-and-services autopkgtest: Add CgroupsTest to check cgroup
+ creation/cleanup behaviour. This reproduces #777601 and verifies the fix
+ for it.
+ * rules: Fix by-path of mmc RPMB partitions and don't blkid them. Avoids
+ kernel buffer I/O errors and timeouts. (LP: #1333140)
+ * Document systemctl --failed option. (Closes: #767267)
+
+ [ Michael Biebl ]
+ * core: Don't fail to run services in --user instances if $HOME is missing.
+ (Closes: #759320)
+
+ [ Didier Roche ]
+ * default-display-manager-generator: Avoid unnecessary /dev/null symlink and
+ warning if there is no display-manager.service unit.
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 13 Feb 2015 12:08:31 +0100
+
+systemd (215-11) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * escape-beef-up-new-systemd-escape-tool.patch: Avoid creating a dangling
+ symlink, to work around regression in recent patch (see #776257).
+ * Order ifup@.service and networking.service after network-pre.target.
+ (Closes: #766938)
+ * Tone down "Network interface NamePolicy= disabled on kernel commandline,
+ ignoring" info message to debug, as we expect this while we disable
+ net.ifnames by default. (Closes: #762101, LP: #1411992)
+ * logind: handle closing sessions over daemon restarts. (Closes: #759515,
+ LP: #1415104)
+ * logind: Fix sd_eviocrevoke ioctl call, to make forced input device release
+ after log out actually work.
+ * debian/patches/series: Move upstreamed patches into the appropriate
+ section.
+
+ [ Michael Biebl ]
+ * Make sure we run debian-fixup.service after /var has been mounted if /var
+ is on a separate partition. Otherwise we might end up creating the
+ /var/lock and /var/run symlink in the underlying root filesystem.
+ (Closes: #768644)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 29 Jan 2015 09:01:54 +0100
+
+systemd (215-10) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * sysv-generator: Handle .sh suffixes when translating Provides:.
+ (Closes: #775889)
+ * sysv-generator: Make real units overwrite symlinks generated by Provides:
+ from other units. Fixes failures due to presence of backup or old init.d
+ scripts. (Closes: #775404)
+ * Fix journal forwarding to syslog in containers without CAP_SYS_ADMIN.
+ (Closes: #775067)
+
+ [ Christian Kastner ]
+ * Use common-session-noninteractive in systemd-user's PAM config, instead of
+ common-session. The latter can include PAM modules like libpam-mount which
+ expect to be called just once and/or interactively, which already happens
+ for login, ssh, or the display-manager. Add pam_systemd.so explicitly, as
+ it's not included in -noninteractive, but is always required (and
+ idempotent). There is no net change on systemd which don't use manually
+ installed PAM modules. (Closes: #739676)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 21 Jan 2015 13:18:05 +0100
+
+systemd (215-9) unstable; urgency=medium
+
+ [ Didier Roche ]
+ * Add display managers autopkgtests.
+ * Reset display-manager symlink to match /e/X/d-d-m even if
+ display-manager.service was removed. Adapt the autopkgtests for it.
+
+ [ Martin Pitt ]
+ * Prefer-etc-X11-default-display-manager-if-present.patch: Drop wrong
+ copy&paste'd comment, fix log strings. Thanks Adam D. Barratt.
+ * Log all members of cyclic dependencies (loops) even with quiet on the
+ kernel cmdline. (Closes: #770504)
+ * Don't auto-clean PrivateTmp dir in /var/tmp; in Debian we don't want to
+ clean /var/tmp/ automatically. (Closes: #773313)
+
+ [ Michael Biebl ]
+ * sysv-generator: handle Provides: for non-virtual facility names.
+ (Closes: #774335)
+ * Fix systemd-remount-fs.service to not fail on remounting /usr if /usr
+ isn't mounted yet. This happens with initramfs-tools < 0.118 which we
+ might not get into Jessie any more. (Closes: #742048)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 13 Jan 2015 11:24:43 +0100
+
+systemd (215-8) unstable; urgency=medium
+
+ [ Didier Roche ]
+ * Cherry-pick shared-add-readlink_value.patch, we will use that function in
+ the generator.
+ * Cherry-pick util-allow-strappenda-to-take-any-number-of-args.patch, we
+ will use that function in the generator.
+ * Handle multiple display managers which don't ship a systemd unit or the
+ corresponding postinst logic for updating display-manager.service: Add a
+ generator to ensure /etc/X11/default-display-manager is controlling which
+ display-manager is started. (Closes: #771287)
+
+ [ Sjoerd Simons ]
+ * d/p/core-Fix-bind-error-message.patch:
+ + Added. Fix error message on bind failure to print the full path
+ * d/p/core-Make-binding-notify-private-dbus-socket-more-ro.patch:
+ + Added. Be more robust when binding private unix sockets (Based on current
+ upstream logic) (Closes: #761306)
+
+ [ Martin Pitt ]
+ * Clean up ...journal~ files from unclean shutdowns. (Closes: #771707)
+ * debian/systemd.postinst: Don't always restart journald, as this currently
+ can't be done without losing the current journal and breaking attached
+ processes. So only restart it from upgrades < 215-3 (where the socket
+ location got moved) as an one-time upgrade path from wheezy.
+ (Closes: #771122)
+ * journalctl: Fix help text for --until. (Closes: #766598)
+ * Bump systemd's udev dependency to >= 208-8, so that on partial upgrades we
+ make sure that the udev package has appropriate Breaks:. In particular,
+ this avoids installing current udev with kmod << 14. (Closes: #771726)
+
+ [ Michael Biebl ]
+ * systemd.postinst: Move unit enablement after restarting systemd, so that
+ we don't fail to enable units with keywords that wheezy's systemd does not
+ understand yet. Fixes enabling getty units on wheezy upgrades with
+ systemd. (Closes: #771204)
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 05 Dec 2014 10:01:24 +0100
+
+systemd (215-7) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Add myself to Uploaders.
+ * Add boot-and-services autopkgtest: Check booting with systemd-sysv and
+ that the most crucial services behave as expected.
+ * logind autopkgtest: Fix stderr output in waiting loop for scsi_debug.
+ * Add nspawn test to boot-and-services autopkgtest.
+ * Make systemd-nspawn@.service work out of the box: (Closes: #770275)
+ - Pre-create /var/lib/container with a secure mode (0700) via tmpfiles.d.
+ - Add new try-{guest,host} modes for --link-journal to silently skip
+ setting up the guest journal if the host has no persistent journal.
+ - Extend boot-and-services autopkgtest to cover systemd-nspawn@.service.
+ * Cherry-pick upstream patch to fix SELinux unit access check (regression
+ in 215).
+ * sysv-generator: Avoid wrong dependencies for failing units. Thanks to
+ Michael Biebl for the patch! (Closes: #771118)
+ * Cherry-pick patches to recognize and respect the "discard" mount option
+ for swap devices. Thanks to Aurelien Jarno for finding and testing!
+ (Closes: #769734)
+
+ [ Jon Severinsson]
+ * Add /run/shm -> /dev/shm symlink in debian/tmpfiles.d/debian.conf. This
+ avoids breakage in Jessie for packages which still refer to /run/shm, and
+ while https://wiki.debian.org/ReleaseGoals/RunDirectory is still official.
+ (LP: #1320534, Closes: #674755).
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 28 Nov 2014 06:43:15 +0100
+
+systemd (215-6) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Cherry-pick upstream patch to fix udev crash in link_config_get().
+ * Cherry-pick upstream patch to fix tests in limited schroot environments.
+ * Add d/p/Add-env-variable-for-machine-ID-path.patch: Allow specifying an
+ alternate /etc/machine-id location. This is necessary for running tests
+ as long as it isn't in our base images (see Debian #745876)
+ * Run tests during package build. For the first round don't make them fatal
+ for now (that will happen once we see results from all the architectures).
+ * Drop our Check-for-kmod-binary.patch as the upstream patch
+ units-conditionalize-static-device-node-logic-on-CAP.patch supersedes it.
+ * Drop Use-comment-systemd.-syntax-in-systemd.mount-man-pag.patch, as
+ our util-linux is now recent enough. Bump dependency to >= 2.21.
+ * Adjust timedated and hostnamed autopkgtests to current upstream version.
+ * Replace our Debian hwdb.bin location patch with what got committed
+ upstream. Run hwdb update with the new --usr option to keep current
+ behaviour.
+ * debian/README.Debian: Document how to debug boot or shutdown problems with
+ the debug shell. (Closes: #766039)
+ * Skip-99-systemd.rules-when-not-running-systemd-as-in.patch: Call path_id
+ under all init systems, to get consistent ID_PATH attributes. This is
+ required so that tools like systemd-rfkill can be used with SysVinit or
+ upstart scripts, too. (LP: #1387282)
+ * Switch libpam-systemd dependencies to prefer systemd-shim over
+ systemd-sysv, to implement the CTTE decision #746578. This is a no-op on
+ systems which already have systemd-sysv installed, but will prevent
+ installing that on upgrades. (Closes: #769747)
+ * Remove Tollef from Uploaders: as per his request. Thanks Tollef for all
+ you work!
+ * net.agent: Properly close stdout/err FDs, to avoid long hangs during udev
+ settle. Thanks to Ben Hutchings! (Closes: #754987)
+ * Bump Standards-Version to 3.9.6 (no changes necessary).
+
+ [ Didier Roche ]
+ * debian/ifup@.service: add a ConditionPath on /run/network, to avoid
+ failing the unit if /etc/init.d/networking is disabled. (Closes: #769528)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 18 Nov 2014 12:37:22 +0100
+
+systemd (215-5) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Unblacklist hyperv_fb again, it is needed for graphical support on Hyper-V
+ platforms. Thanks Andy Whitcroft! (LP: #1359933)
+ * Bump systemd-shim Depends/Breaks to 8-2 to ensure a lockstep upgrade.
+ (Closes: #761947)
+
+ [ Sjoerd Simons ]
+ * d/p/sd-bus-Accept-no-sender-as-the-destination-field.patch
+ + Fix compatibility between systemctl v215 and v208. Resolves issue when
+ reloads of services is requested before systemd is re-execed
+ (Closes: #762146)
+
+ [ Michael Biebl ]
+ * Don't overmount existing /run/user/<UID> directories with a per-user tmpfs
+ on upgrades. (Closes: #762041)
+ * Re-enable mount propagation for udevd. This avoids that broken software
+ like laptop-mode-tools, which runs mount from within udev rules, causes
+ the root file system to end up read-only. (Closes: #762018)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 27 Sep 2014 17:49:47 +0200
+
+systemd (215-4) unstable; urgency=medium
+
+ * Upload to unstable.
+
+ -- Michael Biebl <biebl@debian.org> Mon, 15 Sep 2014 17:38:30 +0200
+
+systemd (215-3) experimental; urgency=medium
+
+ [ Ben Howard ]
+ * 75-persistent-net-generator.rules: Fix matches of HyperV. (LP: #1361272)
+
+ [ Martin Pitt ]
+ * 75-persistent-net-generator.rules: Add new MS Azure MAC prefix 00:25:ae.
+ (LP: #1367883)
+
+ [ Michael Biebl ]
+ * Update upstream v215-stable patch series.
+ * The /dev/log socket and /dev/initctl FIFO have been moved to /run and
+ replaced by symlinks. Create the symlinks manually on upgrades as well.
+ (Closes: #761340)
+ * Fix incorrect paths in man pages. (LP: #1357782, Closes: #717491)
+ * Make systemd recommend dbus so it is installed on upgrades. The dbus
+ system bus is required to run systemd-logind and the autovt feature relies
+ on logind. (Closes: #758111)
+ * Bump dependency on systemd-shim to (>= 7-2) to ensure we have a version
+ which supports systemd >= 209.
+ * Rework bug-script to be more upfront about what kind of data is gathered
+ and ask the user for permission before attaching the information to the
+ bug report. (Closes: #756248)
+
+ [ Sjoerd Simons ]
+ * d/p/buildsys-Don-t-default-to-gold-as-the-linker.patch
+ + Don't explicitly pick gold as the default linker. Fixes FTBFS on sparc
+ (Closes: #760879)
+
+ -- Sjoerd Simons <sjoerd@debian.org> Sun, 14 Sep 2014 20:14:49 +0200
+
+systemd (215-2) experimental; urgency=medium
+
+ * debian/patches/always-check-for-__BYTE_ORDER-__BIG_ENDIAN-when-chec.patch
+ + Added. Fix checking of system endianness. Fixes FTBFS on powerpc
+ * debian/patches/timesyncd-when-we-don-t-know-anything-about-the-netw.patch:
+ + Let timesyncd go online even if networkd isn't running (from upstream
+ git) (Closes: #760087)
+ * debian/rules: add systemd-update-utmp-runlevel.service to
+ {poweroff, rescue, multi-user, graphical, reboot}.target.wants to trigger
+ the runlevel target to be loaded
+
+ -- Sjoerd Simons <sjoerd@debian.org> Sun, 07 Sep 2014 23:46:02 +0200
+
+systemd (215-1) experimental; urgency=medium
+
+ * New upstream release.
+ * Import upstream v215-stable patch series.
+ * Rebase remaining Debian patches on top of v215-stable.
+ * Drop our Debian-specific run-user.mount unit as upstream now creates a
+ per-user tmpfs via logind.
+ * Don't rely on new mount from experimental for now and re-add the patch
+ which updates the documentation accordingly.
+ * Cherry-pick upstream fix to use correct versions for the new symbols that
+ were introduced in libudev.
+ * Update symbols files
+ - Add two new symbols for libudev1.
+ - Remove private symbol from libgudev-1.0-0. This symbol was never part of
+ the public API and not used anywhere so we don't need a soname bump.
+ * Cherry-pick upstream commit to not install busname units if kdbus support
+ is disabled.
+ * Make /run/lock tmpfs an API fs so it is available during early boot.
+ (Closes: #751392)
+ * Install new systemd-path and systemd-escape binaries.
+ * Cherry-pick upstream commit which fixes the references to the systemctl
+ man page. (Closes: #760613)
+ * Use the new systemd-escape utility to properly escape the network
+ interface name when starting an ifup@.service instance for hotplugged
+ network interfaces. Make sure a recent enough systemd version is installed
+ by bumping the versioned Breaks accordingly. (Closes: #747044)
+ * Order ifup@.service after networking.service so we don't need to setup the
+ runtime directory ourselves and we have a defined point during boot when
+ hotplugged network interfaces are started.
+ * Disable factory-reset feature and remove files associated with it. This
+ feature needs more integration work first before it can be enabled in
+ Debian.
+ * Cherry-pick upstream commit to fix ProtectSystem=full and make the
+ ProtectSystem= option consider /bin, /sbin, /lib and /lib64 (if it exists)
+ on Debian systems. (Closes: #759689)
+ * Use adduser in quiet mode when creating the system users/groups to avoid
+ warning messages about the missing home directories. Those are created
+ dynamically during runtime. (Closes: #759175)
+ * Set the gecos field when creating the system users.
+ * Add systemd-bus-proxy system user so systemd-bus-proxyd can properly drop
+ its privileges.
+ * Re-exec systemd and restart services at the end of postinst.
+ * Cherry-pick upstream commit for sd-journal to properly convert
+ object->size on big endian which fixes a crash in journalctl --list-boots.
+ (Closes: #758392)
+
+ -- Michael Biebl <biebl@debian.org> Sun, 07 Sep 2014 09:58:48 +0200
+
+systemd (214-1) experimental; urgency=medium
+
+ * New upstream release v214.
+ (Closes: #750793, #749268, #747939)
+
+ [ Jon Severinsson ]
+ * Import upstream v214-stable patch series.
+ - Rebase remaining Debian patches on top of v214-stable.
+ - Drop modifications to the now-removed built-in sysvinit support.
+ * Install the new combined libsystemd0 library, this library combines all
+ functionality of the various libsystemd-* libraries.
+ - Deprecate the old libsystemd-* libraries as they've been bundled into
+ libsystemd0. The old -dev files now just carry a transitional .pc file.
+ - Add new symbols file for libsystemd0.
+ * Update symbols file for libgudev-1.0-0.
+ * Remove pre-generated rules and unit files in debian/rules clean target.
+ * Add new systemd service users in systemd postinst (systemd-timesync,
+ systemd-network, systemd-resolve)
+ * Add new system group "input" used by udev rules in udev postinst.
+ * Try-restart networkd, resolved, and timesyncd after an upgrade.
+ * Do not force-enable default-on services on every upgrade.
+ * Add support for rcS.d init scripts to the sysv-generator.
+ - Do not order rcS.d services after local-fs.target if they do not
+ explicitly depend on $local_fs.
+ - Map rcS.d init script dependencies to their systemd equivalent.
+ - Special-case some dependencies for sysv init scripts for better
+ backwards compatibility. (Closes: #726027, #738965).
+ * Add systemd depends on new mount. (Closes: #754411)
+ * Update /run/initctl symlink target in debian/tmpfiles.d/debian.conf.
+ * Remove stored backlog state, rfkill state, random-seed and clock
+ information from /var/lib/systemd on systemd purge.
+
+ [ Sjoerd Simons ]
+ * debian/patches/shared-include-stdbool.h-in-mkdir.h.patch
+ + Added. Include stdbool before using bool in function prototypes. Fixes
+ build of the insserv generator
+ * Add python-lxml to build-depends for python-systemd
+ * Turn on parallel build support
+ * Install the new busctl binary and translations
+ * Explicitly disable microhttp so the package build doesn't fail if the
+ required dependencies for it happen to be installed.
+ * debian/control: Make udev break plymouth (<< 0.9.0-7) as older plymouths
+ assume udev implementation details that have changed slightly since v213
+ * debian/control: Remove b-d on librwap0-dev
+ * debian/control: Bump libkmod-dev b-d to >= 15
+ * debian/rules: Drop outdated --enable-tcpwrap
+ * debian/rules: Explicitly turn off rfkill, networkd, timesyncd and resolved
+ for the udeb build
+ * debian/rules: Use the debian ntp pool as default ntp servers
+ * debian/rules: explicitely configure the maximum system uid/gids instead of
+ relying on autodetection
+
+ -- Sjoerd Simons <sjoerd@debian.org> Sun, 24 Aug 2014 14:54:27 +0200
+
+systemd (208-8) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Fix duplicate line in copyright. (Closes: #756899)
+ * Drop --disable-xattr configure option for udeb, does not exist any more.
+ * Add Turkish debconf translations. Thanks Mert Dirik! (Closes: #757498)
+ * Backport fix for lazy session-activation on non-seat0 seats.
+ (LP: #1355331)
+
+ [ Michael Biebl ]
+ * Use "kmod static-nodes --output=/proc/self/fd/1" in make_static_nodes() as
+ we can't rely on /dev/stdout to exist at this point during boot.
+ (Closes: #757830)
+ * Fix udev SysV init script and d-i start script to not write to
+ /sys/kernel/uevent_helper unconditionally to not fail on a kernel with
+ CONFIG_UEVENT_HELPER unset. (Closes: #756312)
+ * Add Breaks: kmod (<< 14) to udev to make sure we have a kmod version
+ supporting the static-nodes command.
+ * Add Breaks: systemd (<< 208) to udev to avoid partial upgrades. Newer udev
+ versions rely on kmod-static-nodes.service being provided by systemd.
+ (Closes: #757777)
+ * Updated upstream v208-stable patch series to 53b1b6c.
+ * Cherry-pick upstream fix to ignore temporary dpkg files. (Closes: #757302)
+ * Make emergency.service conflict with rescue.service.
+ Otherwise if rescue mode is selected during boot and the emergency mode
+ is triggered (e.g. via a broken fstab entry), we have two sulogin
+ processes fighting over the tty. (Closes: #757072)
+ * Stop syslog.socket when entering emergency mode as otherwise every log
+ message triggers the start of the syslog service and its dependencies
+ which conflicts with emergency.target. (Closes: #755581)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 21 Aug 2014 00:14:21 +0200
+
+systemd (208-7) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Mask remaining services provided by the initscripts package and document
+ in more detail why certain services have been masked. (Closes: #659264)
+ * Install zsh completions to the correct place. (Closes: #717540)
+
+ [ Jon Severinsson ]
+ * Cherry-pick upstream fix for journal file permissions. (Closes: #755062)
+ * Map some rcS.d init script dependencies to their systemd equivalent.
+ * Update Depends on initscripts to the version with a systemd-compatible
+ mountnfs ifup hook. (Closes: #746358)
+ * Add Breaks on lvm2 versions without native systemd support.
+ (Closes: #678438, #692120)
+ * Do not fail udev upgrades if the udev service is already runtime-masked
+ when the preinst script is run. (Closes: #755746)
+ * Add Pre-Depends on systemd to systemd-sysv, to avoid risking that the
+ sysv-compatible symlinks become dangling on a partial install.
+ * Ensure that systemctl is usable right after being unpacked, by adding the
+ required Pre-Depends to systemd and libsystemd-daemon0. (Closes: #753589)
+ * Add support for TuxOnIce hibernation. (Closes: #746463)
+
+ [ Martin Pitt ]
+ * Rename "api" autopkgtest to "build-login", and stop requiring that
+ sd_login_monitor_new() succeeds. It doesn't in many environments like
+ schroot or after upgrades from < 204, and the main point of the test is
+ to check that libsystemd-login-dev has correct contents and dependencies.
+ Drop "isolation-machine" requirement.
+ * Use glibc's xattr support instead of requiring libattr. Fixes FTBFS with
+ latest glibc and libattr. Cherrypicked from trunk. Drop libattr1-dev build
+ dependency. (Closes: #756097)
+ * Build python3-systemd for Python 3 bindings. Drop python-systemd; it does
+ not have any reverse dependencies, and we want to encourage moving to
+ Python 3. (LP: #1258089)
+ * Add simple autopkgtest for python3-systemd.
+ * Add dbus dependency to libpam-systemd. (Closes: #755968)
+ * Fix /dev/cdrom symlink to appear for all types of drives, not just for
+ pure CD-ROM ones. Also, fix the symlinks to stay after change events.
+ (LP: #1323777)
+ * 75-persistent-net-generator.rules: Adjust Ravello interfaces; they don't
+ violate the assignment schema, they should just not be persistent.
+ Thanks to Boris Figovsky. (Closes: #747475, LP: #1317776)
+ * Reinstate patches to make logind D-BUS activatable.
+ * Re-add systemd-shim alternative dependency to libpam-systemd. Version it
+ to ensure cgmanager support. (Closes: #754984, LP: #1343802)
+ * Convert udev-finish.upstart from a task to a job, to avoid hangs with
+ startpar. (Closes: #756631)
+ * Add debian/extra/60-keyboard.hwdb: Latest keymaps from upstream git.
+ This makes it trivial to backport keymap fixes to stable releases.
+ (Closes: #657809; LP: #1322770, #1339998)
+ * udev.init: Create static device nodes, as this moved out of udevd.
+ Thanks to Michael Biebl for the script! (Closes: #749021)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 06 Aug 2014 13:33:22 +0200
+
+systemd (208-6) unstable; urgency=medium
+
+ [ Jon Severinsson ]
+ * Add v208-stable patch series.
+ - Update Debian patches to apply on top of v208-stable.
+ - Move new manpages to libsystemd-*-dev as appropriate.
+
+ [ Michael Biebl ]
+ * Upload to unstable.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 16 Jul 2014 00:44:15 +0200
+
+systemd (208-5) experimental; urgency=medium
+
+ * Merge changes from unstable branch.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 28 Jun 2014 13:41:32 +0200
+
+systemd (208-4) experimental; urgency=medium
+
+ * Merge changes from unstable branch.
+ * Drop alternative dependency on systemd-shim in libpam-systemd. The
+ systemd-shim package no longer provides an environment to run
+ systemd-logind standalone. See #752939 for further details.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 28 Jun 2014 01:22:11 +0200
+
+systemd (208-3) experimental; urgency=medium
+
+ * Merge changes from unstable branch.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 25 Jun 2014 11:29:07 +0200
+
+systemd (208-2) experimental; urgency=medium
+
+ [ Sjoerd Simons ]
+ * Don't stop a running user manager from garbage collecting the users. Fixes
+ long shutdown times when using a systemd user session
+
+ [ Michael Stapelberg ]
+ * Fix bug-script: “systemctl dump†is now “systemd-analyze dumpâ€
+ (Closes: #748311)
+
+ [ Michael Biebl ]
+ * Merge changes from unstable branch.
+ * Cherry-pick upstream fixes to make sd_session_get_vt() actually work.
+
+ -- Michael Biebl <biebl@debian.org> Tue, 24 Jun 2014 17:45:26 +0200
+
+systemd (208-1) experimental; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream release. (Closes: #729566)
+ * Update patches.
+ * Update symbols files for libsystemd-journal and libsystemd-login.
+ * Install new files and remove the ones we don't use.
+ * Install zsh completion files. (Closes: #717540)
+ * Create a compat symlink /etc/sysctl.d/99-sysctl.conf as systemd-sysctl no
+ longer reads /etc/sysctl.conf.
+ * Bump Build-Depends on kmod to (>= 14).
+ * Bump Build-Depends on libcryptsetup-dev to (>= 2:1.6.0) for tcrypt
+ support.
+ * Make kmod-static-nodes.service check for the kmod binary since we don't
+ want a hard dependency on kmod e.g. for container installations.
+ * Disable various features which aren't required for the udeb build.
+ * Move new sd_pid_get_slice and sd_session_get_vt man pages into
+ libsystemd-login-dev.
+ * Make no-patch-numbers the default for gbp-pq.
+ * Adjust systemd-user pam config file for Debian.
+ This pam config file is used by libpam-systemd/systemd-logind when
+ launching systemd user instances.
+ * Drop patches to make logind D-Bus activatable. The cgroup handling has
+ been reworked in v205 and logind no longer creates cgroup hierarchies on
+ its own. That means that the standalone logind is no longer functional
+ without support from systemd (or an equivalent cgroup manager).
+
+ [ Martin Pitt ]
+ * Explain patch management in debian/README.source.
+
+ -- Michael Biebl <biebl@debian.org> Mon, 28 Apr 2014 00:22:57 +0200
+
+systemd (204-14) unstable; urgency=medium
+
+ * Fix SIGABRT in insserv generator caused by incorrect usage of strcat().
+ (Closes: #752992)
+ * Mark -dev packages as Multi-Arch: same. (Closes: #720017)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 28 Jun 2014 13:22:43 +0200
+
+systemd (204-13) unstable; urgency=medium
+
+ * Switch back to load the sg module via the kmod builtin. The problem was
+ not that the kmod builtin is faster then modprobe but rather the incorrect
+ usage of the "=" assignment operator. We need to use "+=" here, so the sg
+ module is loaded in addition to other scsi modules, which are loaded via
+ the modalias rule. Thanks to Tommaso Colombo for the analysis.
+ * Cherry-pick upstream fix which prevents systemd from entering an infinite
+ loop when trying to break an ordering cycle. (Closes: #752259)
+ * Update insserv generator to not create any drop-in files for services
+ where the corresponding SysV init script does not exist.
+ * Drop the check for /sys/kernel/uevent_helper from postinst and the SysV
+ init script and do not unconditionally overwrite it in the initramfs hook.
+ Since a long time now udev has been using the netlink interface to
+ communicate with the kernel and with Linux 3.16 it is possible to disable
+ CONFIG_UEVENT_HELPER completely. (Closes: #752742)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 28 Jun 2014 00:01:16 +0200
+
+systemd (204-12) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Change the sg loading rule (for Debian #657948) back to using modprobe.
+ kmod is too fast and then sg races with sd, causing the latter to not see
+ SCSI disks. (Closes: #752591, #752605)
+
+ [ Michael Biebl ]
+ * Update udev bug-script to attach instead of paste extra info if a new
+ enough reportbug version is available.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 25 Jun 2014 10:55:12 +0200
+
+systemd (204-11) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Explain patch management in debian/README.source. (Closes: #739113)
+ * Replace "Always probe cpu support drivers" patch with cherry-picked
+ upstream fix which is more general.
+ * Advertise hibernation only if there's enough free swap. Patches backported
+ from current upstream. (LP: #1313522)
+ * Fix typo in sg loading rule to make it actually work.
+
+ [ Michael Biebl ]
+ * Make no-patch-numbers the default for gbp-pq.
+ * Cherry-pick upstream fix to properly handle multiline syslog messages.
+ (Closes: #746351)
+ * Cherry-pick upstream fix for libudev which fixes a memleak in
+ parent_add_child().
+ * Drop "-b debian" from Vcs-Git since we use the master branch for
+ packaging now.
+ * Drop Conflicts: sysvinit (<< 2.88dsf-44~) from systemd-sysv since this
+ breaks dist-upgrades from wheezy when switching from sysvinit to
+ systemd-sysv as default init. While downgrading the Pre-Depends in
+ sysvinit would have been an alternative, dropping the Conflicts and only
+ keeping the Replaces was deemed the lesser evil. (Closes: #748355)
+ * Use Conflicts instead of Breaks against sysvinit-core. This avoids
+ /sbin/init going missing when switching from systemd-sysv to sysvinit.
+ While at it, add a Replaces: upstart. (Closes: #751589)
+ * Make the SysV compat tools try both /run/initctl and /dev/initctl. This
+ makes them usable under sysvinit as PID 1 without requiring any symlinks.
+ * Various ifupdown integration fixes
+ - Use DefaultDependencies=no in ifup@.service so the service can be
+ started as early as possible.
+ - Create the ifupdown runtime directory in ifup@.service as we can no
+ longer rely on the networking service to do that for us.
+ - Don't stop ifup@.service on shutdown but let the networking service take
+ care of stopping all hotplugged interfaces.
+ - Only start ifup@.service for interfaces configured as allow-hotplug.
+
+ [ Michael Stapelberg ]
+ * Clarify that “systemd†does not influence init whereas “systemd-sysv†does
+ (Closes: #747741)
+
+ [ Ansgar Burchardt ]
+ * Don't use "set +e; set +u" unconditionally in the lsb init-functions hook
+ as this might change the behaviour of existing SysV init scripts.
+ (Closes: #751472)
+
+ -- Michael Biebl <biebl@debian.org> Tue, 24 Jun 2014 17:03:43 +0200
+
+systemd (204-10) unstable; urgency=medium
+
+ * In the udeb's udev.startup, make sure that /dev/pts exists.
+ * systemd-logind-launch: Set the #files ulimit, for unprivileged LXC
+ containers.
+ * Drop udev.NEWS, it only applies to pre-squeeze.
+ * Remove /var/log/udev on purge.
+ * Always probe cpu support drivers. (LP #1207705)
+ * On Dell PowerEdge systems, the iDRAC7 and later support a USB Virtual NIC
+ for management. Name this interface "idrac" to avoid confusion with "real"
+ network interfaces.
+ * Drop numerical prefixes from patches, to avoid future diff noise when
+ removing, cherry-picking, and merging patches. From now on, always use
+ "gbp-pq export --no-patch-numbers" to update them.
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 27 Apr 2014 11:53:52 +0200
+
+systemd (204-9) unstable; urgency=medium
+
+ * The "Flemish Beef and Beer Stew" release.
+
+ [ Steve Langasek ]
+ * Do proper refcounting of the PAM module package on prerm, so that we
+ don't drop the module from the PAM config when uninstalling a
+ foreign-arch package. Related to Ubuntu bug #1295521.
+
+ [ Martin Pitt ]
+ * debian/udev.udev-finish.upstart: Fix path to tmp-rules,
+ debian/extra/rule_generator.functions creates them in /run/udev/.
+ * rules: Remove the kernel-install bits; we don't want that in Debian and
+ thus it shouldn't appear in dh_install --list-missing output.
+ * Ship sd-shutdown.h in libsystemd-daemon-dev.
+ * Run dh_install with --fail-missing, to avoid forgetting files when we move
+ to new versions.
+ * Mount /dev/pts with the correct permissions in the udev, to avoid needing
+ pt_chown (not available on all architectures). Thanks Adam Conrad.
+ * Add new block of Windows Azure ethernet hardware address to
+ 75-persistent-net-generator.rules. (LP: #1274348, Closes: #739018)
+ * Drop our Debian specific 60-persistent-storage{,-tape}.rules and use the
+ upstream rules. They are compatible and do a superset of the
+ functionality. (Closes: #645466)
+ * Drop our Debian specific 80-drivers.rules and use the upstream rules with
+ a patch for the sg module (see #657948). These now stop calling modprobe
+ and use the kmod builtin, giving some nice boot speed improvement.
+ (Closes: #717404)
+ * Drop our Debian specific 50-udev-default.rules and 91-permissions.rules
+ and use the upstream rules with a patch for the remaining Debian specific
+ default device permissions. Many thanks to Marco d'Itri for researching
+ which Debian-specific rules are obsolete! Amongst other things, this now
+ also reads the hwdb info for USB devices (Closes: #717405) and gets rid of
+ some syntax errors (Closes: #706221)
+ * Set default polling interval on removable devices as well, for kernels
+ which have "block" built in instead of being a module. (Closes: #713877)
+ * Make sd_login_monitor_new() work for logind without systemd.
+ * Cherry-pick upstream fix for polkit permissions for rebooting with
+ multiple sessions.
+ * Kill /etc/udev/links.conf, create_static_nodes, and associated code. It's
+ obsolete with devtmpfs (which is required now), and doesn't run with
+ systemd or upstart anyway.
+ * Drop unnecessary udev.dirs.
+ * Add autopkgtests for smoke-testing logind, hostnamed, timedated, localed,
+ and a compile/link/run test against libsystemd-login-dev.
+
+ [ Marco d'Itri ]
+ * preinst: check for all the system calls required by modern releases
+ of udev. (Closes: #648325)
+ * Updated fbdev-blacklist.conf for recent kernels.
+ * Do not blacklist viafb because it is required on the OLPC XO-1.5.
+ (Closes: #705792)
+ * Remove write_cd_rules and the associated rules which create "persistent"
+ symlinks for CD/DVD devices and replace them with more rules in
+ 60-cdrom_id, which will create symlinks for one at random among the
+ devices installed. Since the common case is having a single device
+ then everything will work out just fine most of the times...
+ (Closes: #655924)
+ * Fix write_net_rules for systemd and sysvinit users by copying the
+ temporary rules from /run/udev/ to /etc/udev/. (Closes: #735563)
+ * Do not install sysctl.d/50-default.conf because the systemd package
+ should not change kernel policies, at least until it will become
+ the only supported init system.
+
+ [ Michael Stapelberg ]
+ * Add systemd-dbg package, thanks Daniel Schaal (Closes: #742724).
+ * Switch from gitpkg to git-buildpackage. Update README.source accordingly.
+ * Make libpam-systemd depend on systemd-sysv | systemd-shim. Packages that
+ need logind functionality should depend on libpam-systemd.
+
+ [ Michael Biebl ]
+ * Do not send potentially private fstab information without prior user
+ confirmation. (Closes: #743158)
+ * Add support for LSB facilities defined by insserv.
+ Parse /etc/insserv.conf.d content and /etc/insserv.conf and generate
+ systemd unit drop-in files to add corresponding dependencies. Also ship
+ targets for the Debian specific $x-display-manager and
+ $mail-transport-agent system facilities. (Closes: #690892)
+ * Do not accidentally re-enable /var/tmp cleaning when migrating the TMPTIME
+ setting from /etc/default/rcS. Fix up existing broken configurations.
+ (Closes: #738862)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 26 Apr 2014 21:37:29 +0200
+
+systemd (204-8) unstable; urgency=low
+
+ [ Michael Stapelberg ]
+ * move manpages from systemd to libsystemd-*-dev as appropriate
+ (Closes: #738723)
+ * fix systemctl enable/disable/… error message “Failed to issue method call:
+ No such file or directory†(the previous upload did actually not contain
+ this fix due to a merge conflict) (Closes: #738843)
+ * add explicit “Depends: sysv-rc†so that initscript’s “Depends: sysv-rc |
+ file-rc†will not be satisfied with file-rc. We need the invoke-rc.d and
+ update-rc.d from sysv-rc, file-rc’s doesn’t have support for systemd.
+ (Closes: #739679)
+ * set capabilities cap_dac_override,cap_sys_ptrace=ep for
+ systemd-detect-virt, so that it works for unprivileged users.
+ (Closes: #739699)
+ * pam: Check $XDG_RUNTIME_DIR owner (Closes: #731300)
+ * Ignore chkconfig headers entirely, they are often broken in Debian
+ (Closes: #634472)
+
+ [ Michael Biebl ]
+ * do a one-time migration of RAMTMP= from /etc/default/rcS and
+ /etc/default/tmpfs, i.e. enable tmp.mount (Closes: #738687)
+ * Bump Standards-Version to 3.9.5.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 19 Mar 2014 18:57:35 +0100
+
+systemd (204-7) unstable; urgency=low
+
+ * fix systemctl enable/disable/… error message “Failed to issue method call:
+ No such file or directory†(Closes: #734809)
+ * bug-script: attach instead of paste extra info with reportbug ≥ 6.5.0
+ (Closes: #722530)
+ * add stage1 bootstrap support to avoid Build-Depends cycles (Thanks Daniel
+ Schepler)
+ * cherry-pick:
+ order remote mounts from mountinfo before remote-fs.target (77009452cfd)
+ (Closes: #719945)
+ Fix CPUShares configuration option (ccd90a976dba) (Closes: #737156)
+ fix reference in systemd-inhibit(1) (07b4b9b) (Closes: #738316)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Tue, 11 Feb 2014 23:34:42 +0100
+
+systemd (204-6) unstable; urgency=low
+
+ [ Michael Stapelberg ]
+ * Run update-rc.d defaults before update-rc.d <enable|disable>
+ (Closes: #722523)
+ * preinst: preserve var-{lock,run}.mount when upgrading from 44 to 204
+ (Closes: #723936)
+ * fstab-generator: don’t rely on /usr being mounted in the initrd
+ (Closes: #724797)
+ * systemctl: mangle names when avoiding dbus (Closes: #723855)
+ * allow group adm read access on /var/log/journal (Closes: #717386)
+ * add systemd-journal group (Thanks Guido Günther) (Closes: #724668)
+ * copy /etc/localtime instead of symlinking (Closes: #726256)
+ * don’t try to start autovt units when not running with systemd as pid 1
+ (Closes: #726466)
+ * Add breaks/replaces for the new sysvinit-core package (Thanks Alf Gaida)
+ (Closes: #733240)
+ * Add myself to uploaders
+
+ [ Tollef Fog Heen ]
+ * Make 99-systemd.rules check for /run/systemd/systemd instead of the
+ ill-named cgroups directory.
+
+ [ Martin Pitt ]
+ * debian/udev.upstart: Fix path to udevd, the /sbin/udevd compat symlink
+ should go away at some point.
+ * debian/udev-udeb.install: Add 64-btrfs.rules and 75-probe_mtd.rules, they
+ are potentially useful in a d-i environment.
+ * debian/shlibs.local: Drop libudev; this unnecessarily generates overly
+ strict dependencies, the libudev ABI is stable.
+ * debian/extra/rules/75-persistent-net-generator.rules: Add Ravello systems
+ (LP: #1099278)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Tue, 31 Dec 2013 14:39:44 +0100
+
+systemd (204-5) unstable; urgency=high
+
+ * Cherry-pick 72fd713 from upstream which fixes insecure calling of polkit
+ by avoiding a race condition in scraping /proc (CVE-2013-4327).
+ Closes: #723713
+
+ -- Michael Biebl <biebl@debian.org> Mon, 23 Sep 2013 11:59:53 +0200
+
+systemd (204-4) unstable; urgency=low
+
+ * Add preinst check to abort udev upgrade if the currently running kernel
+ lacks devtmpfs support. Since udev 176, devtmpfs is mandatory as udev no
+ longer creates any device nodes itself. This only affects self-compiled
+ kernels which now need CONFIG_DEVTMPFS=y. Closes: #722580
+ * Fix SysV init script to correctly mount a devtmpfs instead of tmpfs. This
+ only affects users without an initramfs, which usually is responsible for
+ mounting the devtmpfs. Closes: #722604
+ * Drop pre-squeeze upgrade code from maintainer scripts and simplify the
+ various upgrade checks.
+ * Suppress errors about unknown hwdb builtin. udev 196 introduced a new
+ "hwdb" builtin which is not understood by the old udev daemon.
+ * Add missing udeb line to shlibs.local. This ensures that udev-udeb gets a
+ proper dependency on libudev1-udeb and not libudev1. Closes: #722939
+ * Remove udev-udeb dependency from libudev1-udeb to avoid a circular
+ dependency between the two packages. This dependency was copied over from
+ the old udev-gtk-udeb package and no longer makes any sense since
+ libudev1-udeb only contains a library nowadays.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 18 Sep 2013 00:05:21 +0200
+
+systemd (204-3) unstable; urgency=low
+
+ [ Michael Biebl ]
+ * Upload to unstable.
+ * Use /bin/bash in debug-shell.service as Debian doesn't have /sbin/sushell.
+ * Only import net.ifaces cmdline property for network devices.
+ * Generate strict dependencies between the binary packages using a
+ shlibs.local file and add an explicit versioned dependency on
+ libsystemd-login0 to systemd to ensure packages are upgraded in sync.
+ Closes: #719444
+ * Drop obsolete Replaces: libudev0 from udev package.
+ * Use correct paths for various binaries, like /sbin/quotaon, which are
+ installed in / and not /usr in Debian. Closes: #721347
+ * Don't install kernel-install(8) man page since we don't install the
+ corresponding binary either. Closes: #722180
+ * Cherry-pick upstream fixes to make switching runlevels and starting
+ reboot via ctrl-alt-del more robust.
+ * Cherry-pick upstream fix to properly apply ACLs to Journal files.
+ Closes: #717863
+
+ [ Michael Stapelberg ]
+ * Make systemctl enable|disable call update-rc.d for SysV init scripts.
+ Closes: #709780
+ * Don't mount /tmp as tmpfs by default and make it possible to enable this
+ feature via "systemctl enable tmp.mount". Closes: #718906
+
+ [ Daniel Schaal ]
+ * Add bug-script to systemd and udev. Closes: #711245
+
+ [ Ondrej Balaz ]
+ * Recognize discard option in /etc/crypttab. Closes: #719167
+
+ -- Michael Biebl <biebl@debian.org> Thu, 12 Sep 2013 00:13:11 +0200
+
+systemd (204-2) experimental; urgency=low
+
+ [ Daniel Schaal ]
+ * Enable verbose build logs. Closes: #717465
+ * Add handling of Message Catalog files to provide additional information
+ for log entries. Closes: #717427
+ * Remove leftover symlink to debian-enable-units.service. Closes: #717349
+
+ [ Michael Stapelberg ]
+ * Install 50-firmware.rules in the initramfs and udeb. Closes: #717635
+
+ [ Michael Biebl ]
+ * Don't pass static start priorities to dh_installinit anymore.
+ * Switch the hwdb trigger to interest-noawait.
+ * Remove obsolete support for configurable udev root from initramfs.
+ * Bind ifup@.service to the network device. This ensures that ifdown is run
+ when the device is removed and the service is stopped.
+ Closes: #660861, #703033
+ * Bump Standards-Version to 3.9.4. No further changes.
+ * Add Breaks against consolekit (<< 0.4.6-1) for udev-acl. Closes: #717385
+ * Make all packages Priority: optional, with the exception of udev and
+ libudev1, which remain Priority: important, and systemd-sysv, which
+ remains Priority: extra due to the conflict with sysvinit.
+ Closes: #717365
+ * Restart systemd-logind.service on upgrades due to changes in the
+ CreateSession D-Bus API between v44 and v204. Closes: #717403
+
+ -- Michael Biebl <biebl@debian.org> Wed, 24 Jul 2013 23:47:59 +0200
+
+systemd (204-1) experimental; urgency=low
+
+ * New upstream release. Closes: #675175, #675177
+ - In v183 the udev sources have been merged into the systemd source tree.
+ As a result, the udev binary packages will now be built from the systemd
+ source package. To align the version numbers 139 releases were skipped.
+ - For a complete list of changes, please refer to the NEWS file.
+ * Add Marco to Uploaders.
+ * Drop Suggests on the various python packages from systemd. The
+ systemd-analyze tool has been reimplemented in C.
+ * Add binary packages as found in the udev 175-7.2 source package.
+ * Wrap dependencies for better readability.
+ * Drop hard-coded Depends on libglib2.0-0 from gir1.2-gudev-1.0.
+ * Drop old Conflicts, Replaces and Breaks, which are no longer necessary.
+ * Make libgudev-1.0-dev depend on gir1.2-gudev-1.0 as per GObject
+ introspection mini-policy. Closes: #691313
+ * The hwdb builtin has replaced pci-db and usb-db in udev. Drop the
+ Recommends on pciutils and usbutils accordingly.
+ * Drop our faketime hack. Upstream uses a custom xsl style sheet now to
+ generate the man pages which no longer embeds the build date.
+ * Add Depends on libpam-runtime (>= 1.0.1-6) to libpam-systemd as we are
+ using pam-auth-update.
+ * Explicitly set Section and Priority for the udev binary package.
+ * Update Build-Depends:
+ - Drop libudev-dev, no longer required.
+ - Add gtk-doc-tools and libglib2.0-doc for the API documentation in
+ libudev and libgudev.
+ - Add libgirepository1.0-dev and gobject-introspection for GObject
+ introspection support in libgudev.
+ - Add libgcrypt11-dev for encryption support in the journal.
+ - Add libblkid-dev for the blkid udev builtin.
+ * Use gir dh addon to ensure ${gir:Depends} is properly set.
+ * Rename libudev0 → libudev1 for the SONAME bump.
+ * Update symbols files. libudev now uses symbols versioning as the other
+ libsystemd libraries. The libgudev-1.0-0 symbols file has been copied from
+ the old udev package.
+ * Run gtkdocize on autoreconf.
+ * Enable python bindings for the systemd libraries and ship them in a new
+ package named python-systemd.
+ * Tighten Depends on libsystemd-id128-dev for libsystemd-journal-dev as per
+ libsystemd-journal.pc.
+ * Remove obsolete bash-completion scripts on upgrades. Nowadays they are
+ installed in /usr/share/bash-completion/completions.
+ * Rename conffiles for logind and journald.
+ * Rename udev-gtk-udeb → libudev1-udeb to better reflect its actual contents.
+ * Build two flavours: a regular build and one for the udev udebs with
+ reduced features/dependencies.
+ * Create a few compat symlinks for the udev package, most notably
+ /sbin/udevadm and /sbin/udevd.
+ * Remove the dpkg-triggered debian-enable-units script. This was a temporary
+ workaround for wheezy. Packages should use dh-systemd now to properly
+ integrate service files with systemd.
+ * Update debian/copyright using the machine-readable copyright format 1.0.
+ * Integrate changes from udev 175-7 and acknowledge the 175-7.1 and 175-7.2
+ non-maintainer uploads.
+ * Keep the old persistent network interface naming scheme for now and make
+ the new one opt-in via net.ifnames=1 on the kernel command line.
+ * Drop the obsolete udev-mtab SysV init script and properly clean up on
+ upgrades.
+ * Simplify the udev SysV init script and remove experimental and obsolete
+ features.
+ * Revert upstream commits which dropped support for distro specific
+ features and config files.
+ * Make logind, hostnamed, localed and timedated D-Bus activatable and
+ usable when systemd is not running.
+ * Store hwdb binary database in /lib/udev, not /etc/udev. Create the file on
+ install and upgrades.
+ * Provide a dpkg file trigger for hwdb, so the database is automatically
+ updated when packages install files into /lib/udev/hwdb.d.
+
+ -- Michael Biebl <biebl@debian.org> Fri, 19 Jul 2013 00:32:36 +0200
+
+systemd (44-12) unstable; urgency=low
+
+ * Cherry-pick e17187 from upstream to fix build failures with newer glibc
+ where the clock_* symbols have been moved from librt to libc.
+ Closes: #701364
+ * If the new init-system-helpers package is installed, make the
+ debian-enable-units script a no-op. The auto-enabler was meant as a
+ temporary workaround and will be removed once all packages use the new
+ helper.
+ * Update the checks which test if systemd is the active init. The
+ recommended check is [ -d /run/systemd/system ] as this will also work
+ with a standalone systemd-logind.
+ * Set Maintainer to pkg-systemd-maintainers@lists.alioth.debian.org. Add
+ Tollef and myself as Uploaders.
+ * Stop building the GUI bits. They have been split into a separate source
+ package called systemd-ui.
+
+ -- Michael Biebl <biebl@debian.org> Thu, 20 Jun 2013 01:32:16 +0200
+
+systemd (44-11) unstable; urgency=low
+
+ * Team upload.
+ * Run debian-enable-units.service after sysinit.target to ensure our tmp
+ files aren't nuked by systemd-tmpfiles.
+ * The mountoverflowtmp SysV init script no longer exists so remove that
+ from remount-rootfs.service to avoid an unnecessary diff to upstream.
+ * Do not fail on purge if /var/lib/systemd is empty and has been removed
+ by dpkg.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 13 Mar 2013 08:03:06 +0100
+
+systemd (44-10) unstable; urgency=low
+
+ * Team upload.
+ * Using the return code of "systemctl is-enabled" to determine whether we
+ enable a service or not is unreliable since it also returns a non-zero
+ exit code for masked services. As we don't want to enable masked services,
+ grep for the string "disabled" instead.
+
+ -- Michael Biebl <biebl@debian.org> Fri, 15 Feb 2013 17:01:24 +0100
+
+systemd (44-9) unstable; urgency=low
+
+ * Team upload.
+ * Fix typo in systemd.socket man page. Closes: #700038
+ * Use color specification in "systemctl dot" which is actually
+ understood by dot. Closes: #643689
+ * Fix mounting of remote filesystems like NFS. Closes: #673309
+ * Use a file trigger to automatically enable service and socket units. A lot
+ of packages simply install systemd units but do not enable them. As a
+ result they will be inactive after the next boot. This is a workaround for
+ wheezy which will be removed again in jessie. Closes: #692150
+
+ -- Michael Biebl <biebl@debian.org> Fri, 15 Feb 2013 13:35:39 +0100
+
+systemd (44-8) unstable; urgency=low
+
+ * Team upload.
+ * Use comment=systemd.* syntax in systemd.mount man page. The
+ mount/util-linux version in wheezy is not recent enough to support the new
+ x-systemd* syntax. Closes: #697141
+ * Don't enable persistent storage of journal log files. The journal in v44
+ is not yet mature enough.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 19 Jan 2013 20:05:05 +0100
+
+systemd (44-7) unstable; urgency=low
+
+ * Fix a regression in the init-functions hook wrt reload handling that was
+ introduced when dropping the X-Interactive hack. Closes: #696355
+
+ -- Michael Biebl <biebl@debian.org> Fri, 21 Dec 2012 00:00:12 +0100
+
+systemd (44-6) unstable; urgency=low
+
+ [ Michael Biebl ]
+ * No longer ship the /sys directory in the systemd package since it is
+ provided by base-files nowadays.
+ * Don't run udev rules if systemd is not active.
+ * Converting /var/run, /var/lock and /etc/mtab to symlinks is a one-time
+ migration so don't run the debian-fixup script on every boot.
+
+ [ Tollef Fog Heen ]
+ * Prevent the systemd package from being removed if it's the active init
+ system, since that doesn't work.
+
+ [ Michael Biebl ]
+ * Use a separate tmpfs for /run/lock (size 5M) and /run/user (size 100M).
+ Those directories are user-writable which could lead to DoS by filling up
+ /run. Closes: #635131
+
+ -- Michael Biebl <biebl@debian.org> Sun, 16 Dec 2012 21:58:37 +0100
+
+systemd (44-5) unstable; urgency=low
+
+ * Team upload.
+
+ [ Tollef Fog Heen ]
+ * disable killing on entering START_PRE, START, thanks to Michael
+ Stapelberg for patch. This avoids killing VMs run through libvirt
+ when restarting libvirtd. Closes: #688635.
+ * Avoid reloading services when shutting down, since that won't work and
+ makes no sense. Thanks to Michael Stapelberg for the patch.
+ Closes: #635777.
+ * Try to determine which init scripts support the reload action
+ heuristically. Closes: #686115, #650382.
+
+ [ Michael Biebl ]
+ * Update Vcs-* fields, the Git repository is hosted on alioth now. Set the
+ default branch to "debian".
+ * Avoid reload and (re)start requests during early boot which can lead to
+ deadlocks. Closes: #624599
+ * Make systemd-cgroup work even if not all cgroup mounts are available on
+ startup. Closes: #690916
+ * Fix typos in the systemd.path and systemd.unit man page. Closes: #668344
+ * Add watch file to track new upstream releases.
+
+ -- Michael Biebl <biebl@debian.org> Thu, 25 Oct 2012 21:41:23 +0200
+
+systemd (44-4) unstable; urgency=low
+
+ [ Michael Biebl ]
+ * Override timestamp for man page building, thereby avoiding skew
+ between architectures which caused problems for multi-arch.
+ Closes: #680011
+
+ [ Tollef Fog Heen ]
+ * Move diversion removal from postinst to preinst. Closes: #679728
+ * Prevent the journal from crashing when running out of disk space.
+ This is 499fb21 from upstream. Closes: #668047.
+ * Stop mounting a tmpfs on /media. Closes: #665943
+
+ -- Tollef Fog Heen <tfheen@debian.org> Sun, 01 Jul 2012 08:17:50 +0200
+
+systemd (44-3) unstable; urgency=low
+
+ [ Michael Biebl ]
+ * Bump to debhelper 9.
+ * Convert to Multi-Arch: same where possible. Closes: #676615
+
+ [ Tollef Fog Heen ]
+ * Cherry-pick d384c7 from upstream to stop journald from leaking
+ memory. Thanks to Andreas Henriksson for testing. Closes: #677701
+ * Ship lsb init script override/integration in /lib/lsb/init-functions.d
+ rather than diverting /lib/lsb/init-functions itself. Add appropriate
+ Breaks to ensure upgrades happen.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Fri, 29 Jun 2012 22:34:16 +0200
+
+systemd (44-2) unstable; urgency=low
+
+ [ Michael Biebl ]
+ * Tighten the versions in the maintscript file
+ * Ship the /sys directory in the package
+ * Re-add workaround for non-interactive PAM sessions
+ * Mask checkroot-bootclean (Closes: #670591)
+ * Don't ignore errores in systemd-sysv postinst
+
+ [ Tollef Fog Heen ]
+ * Bring tmpfiles.d/tmp.conf in line with Debian defaults. Closes: #675422
+ * Make sure /run/sensigs.omit.d exists.
+ * Add python-dbus and python-cairo to Suggests, for systemd-analyze.
+ Closes: #672965
+
+ -- Tollef Fog Heen <tfheen@debian.org> Tue, 08 May 2012 18:04:22 +0200
+
+systemd (44-1) unstable; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream version.
+ - Backport 3492207: journal: PAGE_SIZE is not known on ppc and other
+ archs
+ - Backport 5a2a2a1: journal: react with immediate rotation to a couple
+ of more errors
+ - Backport 693ce21: util: never follow symlinks in rm_rf_children()
+ Fixes CVE-2012-1174, closes: #664364
+ * Drop output message from init-functions hook, it's pointless.
+ * Only rmdir /lib/init/rw if it exists.
+ * Explicitly order debian-fixup before sysinit.target to prevent a
+ possible race condition with the creation of sockets. Thanks to
+ Michael Biebl for debugging this.
+ * Always restart the initctl socket on upgrades, to mask sysvinit
+ removing it.
+
+ [ Michael Biebl ]
+ * Remove workaround for non-interactive sessions from pam config again.
+ * Create compat /dev/initctl symlink in case we are upgrading from a system
+ running a newer version of sysvinit (using /run/initctl) and sysvinit is
+ replaced with systemd-sysv during the upgrade. Closes: #663219
+ * Install new man pages.
+ * Build-Depend on valac (>= 0.12) instead of valac-0.12. Closes: #663323
+
+ -- Tollef Fog Heen <tfheen@debian.org> Tue, 03 Apr 2012 19:59:17 +0200
+
+systemd (43-1) experimental; urgency=low
+
+ [ Tollef Fog Heen ]
+ * Target upload at experimental due to libkmod dependency
+ * New upstream release
+ - Update bash-completion for new verbs and arguments. Closes: #650739
+ - Fixes local DoS (CVE-2012-1101). Closes: #662029
+ - No longer complains if the kernel lacks audit support. Closes: #642503
+ * Fix up git-to-source package conversion script which makes gitpkg
+ happier.
+ * Add libkmod-dev to build-depends
+ * Add symlink from /bin/systemd to /lib/systemd/systemd.
+ * Add --with-distro=debian to configure flags, due to no /etc/os-release
+ yet.
+ * Add new symbols for libsystemd-login0 to symbols file.
+ * Install a tmpfiles.d file for the /dev/initctl → /run/initctl
+ migration. Closes: #657979
+ * Disable coredump handling, it's not ready yet.
+ * If /run is a symlink, don't try to do the /var/run → /run migration.
+ Ditto for /var/lock → /run/lock. Closes: #647495
+
+ [ Michael Biebl ]
+ * Add Build-Depends on liblzma-dev for journal log compression.
+ * Add Build-Depends on libgee-dev, required to build systemadm.
+ * Bump Standards-Version to 3.9.2. No further changes.
+ * Add versioned Build-Depends on automake and autoconf to ensure we have
+ recent enough versions. Closes: #657284
+ * Add packages for libsystemd-journal and libsystemd-id128.
+ * Update symbols file for libsystemd-login.
+ * Update configure flags, use rootprefix instead of rootdir.
+ * Copy intltool files instead of symlinking them.
+ * Re-indent init-functions script.
+ * Remove workarounds for services using X-Interactive. The LSB X-Interactive
+ support turned out to be broken and has been removed upstream so we no
+ longer need any special handling for those type of services.
+ * Install new systemd-journalctl, systemd-cat and systemd-cgtop binaries.
+ * Install /var/lib/systemd directory.
+ * Install /var/log/journal directory where the journal files are stored
+ persistently.
+ * Setup systemd-journald to not read from /proc/kmsg (ImportKernel=no).
+ * Avoid error messages from systemctl in postinst if systemd is not running
+ by checking for /sys/fs/cgroup/systemd before executing systemctl.
+ Closes: #642749
+ * Stop installing lib-init-rw (auto)mount units and try to cleanup
+ /lib/init/rw in postinst. Bump dependency on initscripts accordingly.
+ Closes: #643699
+ * Disable pam_systemd for non-interactive sessions to work around an issue
+ with sudo.
+ * Use new dh_installdeb maintscript facility to handle obsolete conffiles.
+ Bump Build-Depends on debhelper accordingly.
+ * Rename bash completion file systemctl-bash-completion.sh →
+ systemd-bash-completion.sh.
+ * Update /sbin/init symlink. The systemd binary was moved to $pkglibdir.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Tue, 07 Feb 2012 21:36:34 +0100
+
+systemd (37-1.1) unstable; urgency=low
+
+ * Non-maintainer upload with Tollef's consent.
+ * Remove --parallel to workaround a bug in automake 1.11.3 which doesn't
+ generate parallel-safe build rules. Closes: #661842
+ * Create a compat symlink /run/initctl → /dev/initctl to work with newer
+ versions of sysvinit. Closes: #657979
+
+ -- Michael Biebl <biebl@debian.org> Sat, 03 Mar 2012 17:42:10 +0100
+
+systemd (37-1) unstable; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream version
+ * Change the type of the debian-fixup service to oneshot.
+ Closes: #642961
+ * Add ConditionPathIsDirectory to lib-init-rw.automount and
+ lib-init-rw.mount so we only activate the unit if the directory
+ exists. Closes: #633059
+ * If a sysv service exists in both rcS and rcN.d runlevels, drop the
+ rcN.d ones to avoid loops. Closes: #637037
+ * Blacklist fuse init script, we do the same work already internally.
+ Closes: #643700
+ * Update README.Debian slightly for /run rather than /lib/init/rw
+
+ [ Josh Triplett ]
+ * Do a one-time migration of the $TMPTIME setting from /etc/default/rcS to
+ /etc/tmpfiles.d/tmp.conf. If /etc/default/rcS has a TMPTIME setting of
+ "infinite" or equivalent, migrate it to an /etc/tmpfiles.d/tmp.conf that
+ overrides the default /usr/lib/tmpfiles.d/tmp.conf and avoids clearing
+ /tmp. Closes: #643698
+
+ -- Tollef Fog Heen <tfheen@debian.org> Wed, 28 Sep 2011 20:04:13 +0200
+
+systemd (36-1) unstable; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream release. Closes: #634618
+ - Various man page fixes. Closes: #623521
+ * Add debian-fixup service that symlinks mtab to /proc/mounts and
+ migrates /var/run and /var/lock to symlinks to /run
+
+ [ Michael Biebl ]
+ * Build for libnotify 0.7.
+ * Bump Build-Depends on libudev to (>= 172).
+ * Add Build-Depends on libacl1-dev. Required for building systemd-logind
+ with ACL support.
+ * Split libsystemd-login and libsystemd-daemon into separate binary
+ packages.
+ * As autoreconf doesn't like intltool, override dh_autoreconf and call
+ intltoolize and autoreconf ourselves.
+ * Add Build-Depends on intltool.
+ * Do a one-time migration of the hwclock configuration. If UTC is set to
+ "no" in /etc/default/rcS, create /etc/adjtime and add the "LOCAL" setting.
+ * Remove /cgroup cleanup code from postinst.
+ * Add Build-Depends on gperf.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Wed, 14 Sep 2011 08:25:17 +0200
+
+systemd (29-1) unstable; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream version, Closes: #630510
+ - Includes typo fixes in documentation. Closes: #623520
+ * Fall back to the init script reload function if a native .service file
+ doesn't know how to reload. Closes: #628186
+ * Add hard dependency on udev. Closes: #627921
+
+ [ Michael Biebl ]
+ * hwclock-load.service is no longer installed, so we don't need to remove it
+ anymore in debian/rules.
+ * Install /usr/lib directory for binfmt.d, modules-load.d, tmpfiles.d and
+ sysctl.d.
+ * Remove obsolete conffiles from /etc/tmpfiles.d on upgrades. Those files
+ are installed in /usr/lib/tmpfiles.d now.
+ * Depend on util-linux (>= 2.19.1-2) which provides whole-disk locking
+ support in fsck and remove our revert patch.
+ * Don't choke when systemd was compiled with a different CAP_LAST_CAP then
+ what it is run with. Patch cherry-picked from upstream Git.
+ Closes: #628081
+ * Enable dev-hugepages.automount and dev-mqueue.automount only when enabled
+ in kernel. Patch cherry-picked from upstream Git. Closes: #624522
+
+ -- Tollef Fog Heen <tfheen@debian.org> Wed, 08 Jun 2011 16:14:31 +0200
+
+systemd (25-2) experimental; urgency=low
+
+ * Handle downgrades more gracefully by removing diversion of
+ /lib/lsb/init-functions on downgrades to << 25-1.
+ * Cherry-pick a133bf10d09f788079b82f63faa7058a27ba310b from upstream,
+ avoids assert when dumping properties. Closes: #624094
+ * Remove "local" in non-function context in init-functions wrapper.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Wed, 27 Apr 2011 22:20:04 +0200
+
+systemd (25-1) experimental; urgency=low
+
+ * New upstream release, target experimental due to initscripts
+ dependency.
+ - Fixes where to look for locale config. Closes: #619166
+ * Depend on initscripts >= 2.88dsf-13.4 for /run transition.
+ * Add Conflicts on klogd, since it doesn't work correctly with the
+ kmg→/dev/log bridge. Closes: #622555
+ * Add suggests on Python for systemd-analyze.
+ * Divert /lib/lsb/init-functions instead of (ab)using
+ /etc/lsb-base-logging.sh for diverting calls to /etc/init.d/*
+ * Remove obsolete conffile /etc/lsb-base-logging.sh. Closes: #619093
+ * Backport 3a90ae048233021833ae828c1fc6bf0eeab46197 from master:
+ mkdir /run/systemd/system when starting up
+
+ -- Tollef Fog Heen <tfheen@debian.org> Sun, 24 Apr 2011 09:02:04 +0200
+
+systemd (20-1) unstable; urgency=low
+
+ * New upstream version
+ * Install systemd-machine-id-setup
+ * Call systemd-machine-id-setup in postinst
+ * Cherry-pick b8a021c9e276adc9bed5ebfa39c3cab0077113c6 from upstream to
+ prevent dbus assert error.
+ * Enable TCP wrapper support. Closes: #618409
+ * Enable SELinux support. Closes: #618412
+ * Make getty start after Apache2 and OpenVPN (which are the only two
+ known users of X-Interactive: yes). Closes: #618419
+
+ -- Tollef Fog Heen <tfheen@debian.org> Fri, 11 Mar 2011 19:14:21 +0100
+
+systemd (19-1) experimental; urgency=low
+
+ * New upstream release
+ * Add systemd-tmpfiles to systemd package.
+ * Add ifup@.service for handling hotplugged interfaces from
+ udev. Closes: #610871
+ * Mask mtab.service and udev-mtab.service as they are pointless when
+ /etc/mtab is a symlink to /proc/mounts
+ * Add breaks on lvm2 (<< 2.02.84-1) since older versions have udev rules
+ that don't work well with systemd causing delays on bootup.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Thu, 17 Feb 2011 07:36:22 +0100
+
+systemd (17-1) experimental; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream release
+ * Clarify ifupdown instructions in README.Debian somewhat.
+ Closes: #613320
+ * Silently skip masked services in lsb-base-logging.sh instead of
+ failing. Initial implementation by Michael Biebl. Closes: #612551
+ * Disable systemd-vconsole-setup.service for now.
+
+ [ Michael Biebl ]
+ * Bump build dependency on valac-0.10 to (>= 0.10.3).
+ * Improve regex in lsb-base-logging.sh for X-Interactive scripts.
+ Closes: #613325
+
+ -- Tollef Fog Heen <tfheen@debian.org> Wed, 16 Feb 2011 21:06:16 +0100
+
+systemd (16-1) experimental; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream release. Closes: #609611
+ * Get rid of now obsolete patches that are upstream.
+ * Use the built-in cryptsetup support in systemd, build-depend on
+ libcryptsetup-dev (>= 2:1.2.0-1) to get a libcryptsetup in /lib.
+ * Don't use systemctl redirect for init scripts with X-Interactive: true
+
+ [ Michael Biebl ]
+ * Update package description
+ * Use v8 debhelper syntax
+ * Make single-user mode work
+ * Run hwclock-save.service on shutdown
+ * Remove dependencies on legacy sysv mount scripts, as we use native
+ mounting.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Sun, 16 Jan 2011 11:04:13 +0100
+
+systemd (15-1) UNRELEASED; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream version, thanks a lot to Michael Biebl for help with
+ preparing this version.
+ - This version handles cycle breaking better. Closes: #609225
+ * Add libaudit-dev to build-depends
+ * /usr/share/systemd/session has been renamed to /usr/share/systemd/user
+ upstream, adjust build system accordingly.
+ * Remove -s from getty serial console invocation.
+ * Add dependency on new util-linux to make sure /sbin/agetty exists
+ * Don't mount /var/lock with gid=lock (Debian has no such group).
+ * Document problem with ifupdown's /etc/network/run being a normal
+ directory.
+
+ [ Michael Biebl ]
+ * Revert upstream change which requires libnotify 0.7 (not yet available in
+ Debian).
+ * Use dh-autoreconf for updating the build system.
+ * Revert upstream commit which uses fsck -l (needs a newer version of
+ util-linux).
+ * Explicitly disable cryptsetup support to not accidentally pick up a
+ libcryptsetup dependency in a tainted build environment, as the library
+ is currently installed in /usr/lib.
+ * Remove autogenerated man pages and vala C sources, so they are rebuilt.
+ * Use native systemd mount support:
+ - Use MountAuto=yes and SwapAuto=yes (default) in system.conf
+ - Mask SysV init mount, check and cleanup scripts.
+ - Create an alias (symlink) for checkroot (→ remount-rootfs.service) as
+ synchronization point for SysV init scripts.
+ * Mask x11-common, rmnologin, hostname, bootmisc and bootlogd.
+ * Create an alias for procps (→ systemd-sysctl.service) and
+ urandom (→ systemd-random-seed-load.service).
+ * Create an alias for module-init-tools (→ systemd-modules-load.service) and
+ a symlink from /etc/modules-load.d/modules.conf → /etc/modules.
+ * Install lsb-base hook which redirects calls to SysV init scripts to
+ systemctl: /etc/init.d/<foo> <action> → systemctl <action> <foo.service>
+ * Install a (auto)mount unit to mount /lib/init/rw early during boot.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Sat, 20 Nov 2010 09:28:01 +0100
+
+systemd (11-2) UNRELEASED; urgency=low
+
+ * Tighten depends from systemd-* on systemd to ensure they're upgraded
+ in lockstep. Thanks to Michael Biebl for the patch.
+ * Add missing #DEBHELPER# token to libpam-systemd
+ * Stop messing with runlevel5/multi-user.target symlink, this is handled
+ correctly upstream.
+ * Stop shipping /cgroup in the package.
+ * Remove tmpwatch services, Debian doesn't have or use tmpwatch.
+ * Make sure to enable GTK bits.
+ * Ship password agent
+ * Clean up cgroups properly on upgrades, thanks to Michael Biebl for the
+ patch. Closes: #599577
+
+ -- Tollef Fog Heen <tfheen@debian.org> Tue, 02 Nov 2010 21:47:10 +0100
+
+systemd (11-1) experimental; urgency=low
+
+ * New upstream version. Closes: #597284
+ * Add pam-auth-update calls to libpam-systemd's postinst and prerm
+ * Make systemd-sysv depend on systemd
+ * Now mounts the cgroup fs in /sys/fs/cgroup. Closes: #595966
+ * Add libnotify-dev to build-depends (needed for systemadm)
+
+ -- Tollef Fog Heen <tfheen@debian.org> Thu, 07 Oct 2010 22:01:19 +0200
+
+systemd (8-2) experimental; urgency=low
+
+ * Hardcode udev rules dir in configure call.
+ * Remove README.source as it's no longer accurate.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Mon, 30 Aug 2010 21:10:26 +0200
+
+systemd (8-1) experimental; urgency=low
+
+ * New upstream release
+ * Only ship the top /cgroup
+ * Pass --with-rootdir= to configure, to make it think / is / rather
+ than //
+ * Add PAM module package
+ * Fix up dependencies in local-fs.target. Closes: #594420
+ * Move systemadm to its own package. Closes: #588451
+ * Update standards-version (no changes needed)
+ * Update README.Debian to explain how to use systemd.
+ * Add systemd-sysv package that provides /sbin/init and friends.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Sat, 07 Aug 2010 07:31:38 +0200
+
+systemd (0~git+20100605+dfd8ee-1) experimental; urgency=low
+
+ * Initial release, upload to experimental. Closes: #580814
+
+ -- Tollef Fog Heen <tfheen@debian.org> Fri, 30 Apr 2010 21:02:25 +0200
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000000000000000000000000000000000000..f599e28b8ab0d8c9c57a486c89c4a5132dcbd3b2
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+10
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000000000000000000000000000000000000..f6930a2675306f17b7c1746d9868502e600fd0b2
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,396 @@
+Source: systemd
+Section: admin
+Priority: optional
+Maintainer: Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>
+Uploaders: Michael Biebl <biebl@debian.org>,
+ Marco d'Itri <md@linux.it>,
+ Sjoerd Simons <sjoerd@debian.org>,
+ Martin Pitt <mpitt@debian.org>,
+ Felipe Sateler <fsateler@debian.org>
+Standards-Version: 4.2.1
+Rules-Requires-Root: no
+Vcs-Git: https://salsa.debian.org/systemd-team/systemd.git
+Vcs-Browser: https://salsa.debian.org/systemd-team/systemd
+Homepage: https://www.freedesktop.org/wiki/Software/systemd
+Build-Depends: debhelper (>= 10.4~),
+ pkg-config,
+ xsltproc,
+ docbook-xsl,
+ docbook-xml,
+ m4,
+ meson (>= 0.49),
+ gettext,
+ gperf,
+ gnu-efi [amd64 i386 arm64],
+ libcap-dev (>= 1:2.24-9~),
+ libpam0g-dev,
+ libapparmor-dev (>= 2.9.0-3+exp2) <!stage1>,
+ libidn11-dev <!stage1>,
+ libiptc-dev <!stage1>,
+ libaudit-dev <!stage1>,
+ libdbus-1-dev (>= 1.3.2) <!nocheck>,
+ libcryptsetup-dev (>= 2:1.6.0) <!stage1>,
+ libselinux1-dev (>= 2.1.9),
+ libacl1-dev,
+ liblzma-dev,
+ liblz4-dev (>= 0.0~r125),
+ liblz4-tool <!nocheck>,
+ libbz2-dev <!stage1>,
+ zlib1g-dev <!stage1> | libz-dev <!stage1>,
+ libcurl4-gnutls-dev <!stage1> | libcurl-dev <!stage1>,
+ libmicrohttpd-dev <!stage1>,
+ libgnutls28-dev <!stage1>,
+ libgcrypt20-dev,
+ libkmod-dev (>= 15),
+ libblkid-dev (>= 2.24),
+ libmount-dev (>= 2.30),
+ libseccomp-dev (>= 2.3.1) [amd64 arm64 armel armhf i386 mips mipsel mips64 mips64el x32 powerpc ppc64 ppc64el s390x],
+ libdw-dev (>= 0.158) <!stage1>,
+ libpolkit-gobject-1-dev <!stage1>,
+ linux-base <!nocheck>,
+ acl <!nocheck>,
+ python3:native,
+ python3-lxml:native,
+ python3-pyparsing <!nocheck>,
+ python3-evdev <!nocheck>,
+ tzdata <!nocheck>,
+ libcap2-bin <!nocheck>,
+ iproute2 <!nocheck>,
+
+Package: systemd
+Architecture: linux-any
+Multi-Arch: foreign
+Section: admin
+Priority: important
+Recommends: libpam-systemd,
+ dbus
+Suggests: systemd-container,
+ policykit-1
+Pre-Depends: ${shlibs:Pre-Depends},
+ ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ libsystemd0 (= ${binary:Version}),
+ util-linux (>= 2.27.1),
+ mount (>= 2.26),
+ adduser,
+Conflicts: consolekit,
+ libpam-ck-connector,
+Breaks: apparmor (<< 2.9.2-1),
+ systemd-shim (<< 10-4~),
+ ifupdown (<< 0.8.5~),
+ udev (<< 228-5),
+ laptop-mode-tools (<< 1.68~),
+ python-dbusmock (<< 0.18),
+ python3-dbusmock (<< 0.18),
+Replaces: udev (<< 228-5),
+Description: system and service manager
+ systemd is a system and service manager for Linux. It provides aggressive
+ parallelization capabilities, uses socket and D-Bus activation for starting
+ services, offers on-demand starting of daemons, keeps track of processes using
+ Linux control groups, maintains mount and automount points and implements an
+ elaborate transactional dependency-based service control logic.
+ .
+ systemd is compatible with SysV and LSB init scripts and can work as a
+ drop-in replacement for sysvinit.
+ .
+ Installing the systemd package will not switch your init system unless you
+ boot with init=/bin/systemd or install systemd-sysv in addition.
+
+Package: systemd-sysv
+Architecture: linux-any
+Multi-Arch: foreign
+Section: admin
+Priority: important
+Conflicts: sysvinit-core,
+ upstart (<< 1.13.2-0ubuntu10~),
+ upstart-sysv,
+ openrc (<< 0.20.4-2.1),
+ file-rc,
+ systemd-shim,
+Replaces: sysvinit-core,
+ upstart (<< 1.13.2-0ubuntu10~),
+ upstart-sysv,
+Pre-Depends: systemd
+Depends: ${shlibs:Depends},
+ ${misc:Depends}
+Recommends: libnss-systemd
+Description: system and service manager - SysV links
+ systemd is a system and service manager for Linux. It provides aggressive
+ parallelization capabilities, uses socket and D-Bus activation for starting
+ services, offers on-demand starting of daemons, keeps track of processes using
+ Linux control groups, maintains mount and automount points and implements an
+ elaborate transactional dependency-based service control logic.
+ .
+ systemd is compatible with SysV and LSB init scripts and can work as a
+ drop-in replacement for sysvinit.
+ .
+ This package provides the manual pages and links needed for systemd
+ to replace sysvinit. Installing systemd-sysv will overwrite /sbin/init with a
+ link to systemd.
+
+Package: systemd-container
+Build-Profiles: <!stage1>
+Architecture: linux-any
+Multi-Arch: foreign
+Section: admin
+Priority: optional
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd,
+ dbus
+Recommends: btrfs-progs,
+ libnss-mymachines,
+Breaks: systemd (<< 224-2)
+Replaces: systemd (<< 224-2)
+Description: systemd container/nspawn tools
+ This package provides systemd's tools for nspawn and container/VM management:
+ * systemd-nspawn
+ * systemd-machined and machinectl
+ * systemd-importd
+
+Package: systemd-journal-remote
+Build-Profiles: <!stage1>
+Architecture: linux-any
+Multi-Arch: foreign
+Section: admin
+Priority: optional
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd,
+ adduser
+Breaks: systemd (<< 239-6)
+Replaces: systemd (<< 239-6)
+Description: tools for sending and receiving remote journal logs
+ This package provides tools for sending and receiving remote journal logs:
+ * systemd-journal-remote
+ * systemd-journal-upload
+ * systemd-journal-gatewayd
+
+Package: systemd-coredump
+Build-Profiles: <!stage1>
+Architecture: linux-any
+Multi-Arch: foreign
+Section: admin
+Priority: optional
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ adduser,
+ systemd
+Conflicts: core-dump-handler
+Replaces: core-dump-handler, systemd (<< 229-2)
+Provides: core-dump-handler
+Breaks: systemd (<< 229-2)
+Description: tools for storing and retrieving coredumps
+ This package provides systemd tools for storing and retrieving coredumps:
+ * systemd-coredump
+ * coredumpctl
+
+Package: systemd-tests
+Architecture: linux-any
+Section: admin
+Priority: optional
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd (= ${binary:Version}),
+ python3,
+Description: tests for systemd
+ This package contains the test binaries. Those binaries are primarily used
+ for autopkgtest and not meant to be installed on regular user systems.
+
+Package: libpam-systemd
+Architecture: linux-any
+Multi-Arch: same
+Section: admin
+Priority: standard
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd (= ${binary:Version}),
+ libpam-runtime (>= 1.0.1-6),
+ dbus,
+ systemd-shim (>= 10-4~) | systemd-sysv
+Description: system and service manager - PAM module
+ This package contains the PAM module which registers user sessions in
+ the systemd control group hierarchy for logind.
+ .
+ If in doubt, do install this package.
+ .
+ Packages that depend on logind functionality need to depend on libpam-systemd.
+
+Package: libnss-myhostname
+Architecture: linux-any
+Multi-Arch: same
+Section: admin
+Priority: optional
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+Breaks: systemd (<< 222-1)
+Replaces: systemd (<< 222-1)
+Description: nss module providing fallback resolution for the current hostname
+ This package contains a plugin for the Name Service Switch, providing host
+ name resolution for the locally configured system hostname as returned by
+ gethostname(2). It returns all locally configured public IP addresses or -- if
+ none are configured, the IPv4 address 127.0.1.1 (which is on the local
+ loopback) and the IPv6 address ::1 (which is the local host).
+ .
+ A lot of software relies on that the local host name is resolvable. This
+ package provides an alternative to the fragile and error-prone manual editing
+ of /etc/hosts.
+ .
+ Installing this package automatically adds myhostname to /etc/nsswitch.conf.
+
+Package: libnss-mymachines
+Architecture: linux-any
+Multi-Arch: same
+Section: admin
+Priority: optional
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd-container (= ${binary:Version}),
+Breaks: systemd (<< 222-1)
+Replaces: systemd (<< 222-1)
+Description: nss module to resolve hostnames for local container instances
+ nss-mymachines is a plugin for the GNU Name Service Switch (NSS) functionality
+ of the GNU C Library (glibc) providing hostname resolution for local containers
+ that are registered with systemd-machined.service(8). The container names are
+ resolved to IP addresses of the specific container, ordered by their scope.
+ .
+ Installing this package automatically adds mymachines to /etc/nsswitch.conf.
+
+Package: libnss-resolve
+Architecture: linux-any
+Multi-Arch: same
+Section: admin
+Priority: optional
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd (= ${binary:Version}),
+Breaks: systemd (<< 227-3)
+Replaces: systemd (<< 227-3)
+Description: nss module to resolve names via systemd-resolved
+ nss-resolve is a plugin for the GNU Name Service Switch (NSS) functionality
+ of the GNU C Library (glibc) providing DNS and LLMNR resolution to programs via
+ the systemd-resolved daemon (provided in the systemd package).
+ .
+ Installing this package automatically adds resolve to /etc/nsswitch.conf.
+
+Package: libnss-systemd
+Architecture: linux-any
+Multi-Arch: same
+Section: admin
+Priority: optional
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd (= ${binary:Version}),
+Description: nss module providing dynamic user and group name resolution
+ nss-systemd is a plug-in module for the GNU Name Service Switch (NSS)
+ functionality of the GNU C Library (glibc), providing UNIX user and group name
+ resolution for dynamic users and groups allocated through the DynamicUser=
+ option in systemd unit files. See systemd.exec(5) for details on this
+ option.
+ .
+ Installing this package automatically adds the module to /etc/nsswitch.conf.
+
+Package: libsystemd0
+Architecture: linux-any
+Multi-Arch: same
+Section: libs
+Priority: optional
+Pre-Depends: ${shlibs:Depends},
+ ${misc:Pre-Depends}
+Depends: ${misc:Depends}
+Description: systemd utility library
+ The libsystemd0 library provides interfaces to various systemd components.
+
+Package: libsystemd-dev
+Architecture: linux-any
+Multi-Arch: same
+Section: libdevel
+Priority: optional
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ libsystemd0 (= ${binary:Version})
+Description: systemd utility library - development files
+ The libsystemd0 library provides interfaces to various systemd components.
+ .
+ This package contains the development files.
+
+Package: udev
+Section: admin
+Priority: important
+Architecture: linux-any
+Multi-Arch: foreign
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ adduser,
+ libudev1 (= ${binary:Version}),
+ lsb-base (>= 3.0-6),
+ util-linux (>= 2.27.1),
+ s390-tools (>> 1.6.2) [s390],
+Conflicts: hal
+Breaks: systemd (<< 233-4),
+ ifupdown (<< 0.8.5~),
+ ifplugd (<< 0.28-19.1~),
+ joystick (<< 1:1.4.9-1~),
+Replaces: systemd (<< 233-4)
+Description: /dev/ and hotplug management daemon
+ udev is a daemon which dynamically creates and removes device nodes from
+ /dev/, handles hotplug events and loads drivers at boot time.
+
+Package: libudev1
+Section: libs
+Priority: optional
+Architecture: linux-any
+Multi-Arch: same
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends}
+Description: libudev shared library
+ This library provides access to udev device information.
+
+Package: libudev-dev
+Section: libdevel
+Priority: optional
+Architecture: linux-any
+Multi-Arch: same
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ libudev1 (= ${binary:Version})
+Description: libudev development files
+ This package contains the files needed for developing applications that
+ use libudev.
+
+Package: udev-udeb
+Build-Profiles: <!noudeb>
+Package-Type: udeb
+Section: debian-installer
+Priority: optional
+Architecture: linux-any
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ util-linux-udeb
+Description: /dev/ and hotplug management daemon
+ udev is a daemon which dynamically creates and removes device nodes from
+ /dev/, handles hotplug events and loads drivers at boot time.
+ .
+ This is a minimal version, only for use in the installation system.
+
+Package: libudev1-udeb
+Build-Profiles: <!noudeb>
+Package-Type: udeb
+Section: debian-installer
+Priority: optional
+Architecture: linux-any
+Depends: ${shlibs:Depends},
+ ${misc:Depends}
+Description: libudev shared library
+ This library provides access to udev device information.
+ .
+ This is a minimal version, only for use in the installation system.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000000000000000000000000000000000000..1f66c2054a5f71e0546e94fc0b8832336b00031b
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,195 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: systemd
+Upstream-Contact: systemd-devel@lists.freedesktop.org
+Source: https://www.freedesktop.org/wiki/Software/systemd/
+
+Files: *
+Copyright: 2008-2015 Kay Sievers <kay@vrfy.org>
+ 2010-2015 Lennart Poettering
+ 2012-2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
+ 2013-2015 Tom Gundersen <teg@jklm.no>
+ 2013-2015 Daniel Mack
+ 2010-2015 Harald Hoyer
+ 2013-2015 David Herrmann
+ 2013, 2014 Thomas H.P. Andersen
+ 2013, 2014 Daniel Buch
+ 2014 Susant Sahani
+ 2009-2015 Intel Corporation
+ 2000, 2005 Red Hat, Inc.
+ 2009 Alan Jenkins <alan-jenkins@tuffmail.co.uk>
+ 2010 ProFUSION embedded systems
+ 2010 Maarten Lankhorst
+ 1995-2004 Miquel van Smoorenburg
+ 1999 Tom Tromey
+ 2011 Michal Schmidt
+ 2012 B. Poettering
+ 2012 Holger Hans Peter Freyther
+ 2012 Dan Walsh
+ 2012 Roberto Sassu
+ 2013 David Strauss
+ 2013 Marius Vollmer
+ 2013 Jan Janssen
+ 2013 Simon Peeters
+License: LGPL-2.1+
+
+Files: src/basic/siphash24.h
+ src/basic/siphash24.c
+Copyright: 2012 Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com>
+ 2012 Daniel J. Bernstein <djb@cr.yp.to>
+License: CC0-1.0
+
+Files: src/basic/securebits.h
+Copyright: Linus Torvalds <torvalds@athlon.transmeta.com>
+License: GPL-2
+
+Files: src/basic/ioprio.h
+Copyright: Jens Axboe <axboe@suse.de>
+License: GPL-2
+
+Files: src/shared/linux/auto_dev-ioctl.h
+Copyright: 2008 Red Hat, Inc.
+ 2008 Ian Kent <raven@themaw.net>
+License: GPL-2+
+
+Files: src/basic/sparse-endian.h
+Copyright: 2012 Josh Triplett <josh@joshtriplett.org>
+License: Expat
+
+Files: src/journal/lookup3.c
+ src/journal/lookup3.h
+Copyright: none
+License: public-domain
+ You can use this free for any purpose. It's in the public domain. It has no
+ warranty.
+
+Files: src/udev/*
+Copyright: 2003-2012 Kay Sievers <kay@vrfy.org>
+ 2003-2004 Greg Kroah-Hartman <greg@kroah.com>
+ 2004 Chris Friesen <chris_friesen@sympatico.ca>
+ 2004, 2009, 2010 David Zeuthen <david@fubar.dk>
+ 2005, 2006 SUSE Linux Products GmbH
+ 2003 IBM Corp.
+ 2007 Hannes Reinecke <hare@suse.de>
+ 2009 Canonical Ltd.
+ 2009 Scott James Remnant <scott@netsplit.com>
+ 2009 Martin Pitt <martin.pitt@ubuntu.com>
+ 2009 Piter Punk <piterpunk@slackware.com>
+ 2009, 2010 Lennart Poettering
+ 2009 Filippo Argiolas <filippo.argiolas@gmail.com>
+ 2010 Maxim Levitsky
+ 2011 ProFUSION embedded systems
+ 2011 Karel Zak <kzak@redhat.com>
+ 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
+ 2014 David Herrmann <dh.herrmann@gmail.com>
+ 2014 Carlos Garnacho <carlosg@gnome.org>
+License: GPL-2+
+
+Files: src/udev/udev-ctrl.c
+ src/udev/udevadm-hwdb.c
+ src/udev/udev-builtin.c
+ src/udev/udev-builtin-net_id.c
+ src/udev/udev-builtin-net_setup_link.c
+ src/udev/udev-builtin-hwdb.c
+ src/udev/udev-builtin-btrfs.c
+ src/udev/udev-builtin-keyboard.c
+ src/udev/net/link-config.h
+ src/udev/net/link-config.c
+ src/udev/net/ethtool-util.c
+ src/udev/net/ethtool-util.h
+Copyright: 2007-2013 Kay Sievers <kay@vrfy.org>
+ 2013 Tom Gundersen <teg@jklm.no>
+License: LGPL-2.1+
+
+Files: src/udev/scsi_id/scsi.h
+Copyright: 2003 IBM Corp.
+License: GPL-2
+
+Files: debian/*
+Copyright: 2010-2013 Tollef Fog Heen <tfheen@debian.org>
+ 2013-2018 Michael Biebl <biebl@debian.org>
+ 2013 Michael Stapelberg <stapelberg@debian.org>
+License: LGPL-2.1+
+
+License: Expat
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to
+ deal in the Software without restriction, including without limitation the
+ rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ sell copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+ .
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ IN THE SOFTWARE.
+
+License: GPL-2
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+ .
+ On Debian and systems the full text of the GNU General Public
+ License version 2 can be found in the file
+ `/usr/share/common-licenses/GPL-2`
+
+License: GPL-2+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2, or (at your option)
+ any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ .
+ On Debian systems, the complete text of the GNU General Public License
+ version 2 can be found in ‘/usr/share/common-licenses/GPL-2’.
+
+License: LGPL-2.1+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+ .
+ You should have received a copy of the GNU Lesser General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ .
+ On Debian systems, the complete text of the GNU Lesser General Public
+ License version 2.1 can be found in ‘/usr/share/common-licenses/LGPL-2.1’.
+
+License: CC0-1.0
+ To the extent possible under law, the author(s) have dedicated all copyright
+ and related and neighboring rights to this software to the public domain
+ worldwide. This software is distributed without any warranty.
+ .
+ You should have received a copy of the CC0 Public Domain Dedication along with
+ this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
+ .
+ On Debian systems, the complete text of the CC0 1.0 Universal license can be
+ found in ‘/usr/share/common-licenses/CC0-1.0’.
diff --git a/debian/extra/checkout-upstream b/debian/extra/checkout-upstream
new file mode 100755
index 0000000000000000000000000000000000000000..561082ea5db51cbfbb4495a482812538cd9f9f2d
--- /dev/null
+++ b/debian/extra/checkout-upstream
@@ -0,0 +1,61 @@
+#!/bin/sh
+# Prepare systemd source package in current directory for testing an upstream
+# commit, branch, or PR, without Debian patches. This replaces everything
+# except the debian/ directory with an upstream checkout.
+# NEVER run this in your actual packaging work directory! This is only meant
+# for upstream CI.
+#
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+
+set -eu
+test -x debian/rules
+if [ -z "${TEST_UPSTREAM:-}" ]; then
+ echo "Not in upstream testing mode. Do *not* run this script unless you know what you are doing." >&2
+ exit 1
+fi
+if [ -n "${UPSTREAM_PULL_REQUEST:-}" ]; then
+ FETCH="git fetch -fu origin refs/pull/$UPSTREAM_PULL_REQUEST/head:pr"
+ CO='git checkout pr'
+ DESC="PR #$UPSTREAM_PULL_REQUEST"
+elif [ -n "${UPSTREAM_HEAD:-}" ]; then
+ FETCH=''
+ CO="git checkout $UPSTREAM_HEAD"
+ DESC="$UPSTREAM_HEAD"
+else
+ echo "WARNING: $0: Neither UPSTREAM_PULL_REQUEST nor UPSTREAM_HEAD set, ignoring" >&2
+ exit 0
+fi
+
+mkdir -p debian/tmp
+(cd debian/tmp
+ git clone https://github.com/systemd/systemd.git upstream || (rm -rf upstream; sleep 60; git clone https://github.com/systemd/systemd.git upstream)
+ cd upstream
+ $FETCH
+ $CO
+ git config user.email "invalid@example.com"
+ git config user.name "Merge dummy user"
+ git rebase master)
+UPSTREAM_VER=$(cd debian/tmp/upstream; git describe | sed 's/^v//')
+
+# clean out original upstream sources and patches
+find -mindepth 1 -maxdepth 1 -name debian -prune -o -print0 | xargs -0n1 rm -rf
+rm -rf debian/patches
+
+# replace with checkout
+mv debian/tmp/upstream/* .
+rm -rf debian/tmp
+
+# craft changelog
+cat << EOF > debian/changelog.new
+systemd (${UPSTREAM_VER}-0) UNRELEASED; urgency=low
+
+ * Automatic build from upstream $DESC
+
+ -- systemd test <pkg-systemd-maintainers@lists.alioth.debian.org> $(date -R)
+
+EOF
+cat debian/changelog >> debian/changelog.new
+mv debian/changelog.new debian/changelog
+
+# disable tests which are not for upstream
+sed -i '/# NOUPSTREAM/ q' debian/tests/control
diff --git a/debian/extra/dhclient-exit-hooks.d/timesyncd b/debian/extra/dhclient-exit-hooks.d/timesyncd
new file mode 100644
index 0000000000000000000000000000000000000000..3cde992934ee84ce3d6dcb161ae22c33333c6f50
--- /dev/null
+++ b/debian/extra/dhclient-exit-hooks.d/timesyncd
@@ -0,0 +1,42 @@
+TIMESYNCD_CONF=/run/systemd/timesyncd.conf.d/01-dhclient.conf
+
+timesyncd_servers_setup_remove() {
+ if [ -e $TIMESYNCD_CONF ]; then
+ rm -f $TIMESYNCD_CONF
+ systemctl try-restart systemd-timesyncd.service || true
+ fi
+}
+
+timesyncd_servers_setup_add() {
+ if [ ! -d /run/systemd/system ]; then
+ return
+ fi
+
+ if [ -e $TIMESYNCD_CONF ] && [ "$new_ntp_servers" = "$old_ntp_servers" ]; then
+ return
+ fi
+
+ if [ -z "$new_ntp_servers" ]; then
+ timesyncd_servers_setup_remove
+ return
+ fi
+
+ mkdir -p $(dirname $TIMESYNCD_CONF)
+ cat <<EOF > ${TIMESYNCD_CONF}.new
+# NTP server entries received from DHCP server
+[Time]
+NTP=$new_ntp_servers
+EOF
+ mv ${TIMESYNCD_CONF}.new ${TIMESYNCD_CONF}
+ systemctl try-restart systemd-timesyncd.service || true
+}
+
+
+case $reason in
+ BOUND|RENEW|REBIND|REBOOT)
+ timesyncd_servers_setup_add
+ ;;
+ EXPIRE|FAIL|RELEASE|STOP)
+ timesyncd_servers_setup_remove
+ ;;
+esac
diff --git a/debian/extra/fbdev-blacklist.conf b/debian/extra/fbdev-blacklist.conf
new file mode 100644
index 0000000000000000000000000000000000000000..00a91706f7a69d5834b8da5055c7f6a19d1a8976
--- /dev/null
+++ b/debian/extra/fbdev-blacklist.conf
@@ -0,0 +1,20 @@
+# This file blacklists most old-style PCI framebuffer drivers.
+
+blacklist arkfb
+blacklist aty128fb
+blacklist atyfb
+blacklist radeonfb
+blacklist cirrusfb
+blacklist cyber2000fb
+blacklist kyrofb
+blacklist matroxfb_base
+blacklist mb862xxfb
+blacklist neofb
+blacklist pm2fb
+blacklist pm3fb
+blacklist s3fb
+blacklist savagefb
+blacklist sisfb
+blacklist tdfxfb
+blacklist tridentfb
+blacklist vt8623fb
diff --git a/debian/extra/init-functions.d/40-systemd b/debian/extra/init-functions.d/40-systemd
new file mode 100644
index 0000000000000000000000000000000000000000..4fa9b9c68f28a33fc15b0197aaee2543707c3b67
--- /dev/null
+++ b/debian/extra/init-functions.d/40-systemd
@@ -0,0 +1,101 @@
+# -*-Shell-script-*-
+# /lib/lsb/init-functions
+
+_use_systemctl=0
+if [ -d /run/systemd/system ]; then
+
+ if [ -n "${__init_d_script_name:-}" ]; then # scripts run with new init-d-script
+ executable="$__init_d_script_name"
+ argument="$1"
+ elif [ "${0##*/}" = "init-d-script" ] ||
+ [ "${0##*/}" = "${1##*/}" ]; then # scripts run with old init-d-script
+ executable="$1"
+ argument="$2"
+ else # plain old scripts
+ executable="$0"
+ argument="$1"
+ fi
+
+ prog=${executable##*/}
+ service="${prog%.sh}.service"
+
+ # Don't try to run masked services. systemctl <= 230 always succeeds here,
+ # but later systemctls fail on nonexisting units; be compatible with both
+ state=$(systemctl -p LoadState --value show $service 2>/dev/null) || state="not-found"
+ [ "$state" = "masked" ] && exit 0
+
+ # Redirect SysV init scripts when executed by the user
+ if [ $PPID -ne 1 ] && [ -z "${SYSTEMCTL_SKIP_REDIRECT:-}" ]; then
+ case $(readlink -f "$executable") in
+ /etc/init.d/*)
+ # If the state is not-found, this might be a newly installed SysV init
+ # script where systemd-sysv-generator has not been run yet.
+ [ "$state" != "not-found" ] || [ "$(id -u)" != 0 ] || systemctl --no-ask-password daemon-reload
+
+ _use_systemctl=1
+ # Some services can't reload through the .service file,
+ # but can through the init script.
+ if [ "$(systemctl -p CanReload --value show $service 2>/dev/null)" = "no" ] && [ "${argument:-}" = "reload" ]; then
+ _use_systemctl=0
+ fi
+ ;;
+ esac
+ fi
+fi
+
+systemctl_redirect () {
+ local s
+ local rc
+ local prog=${1##*/}
+ local command=$2
+
+ case "$command" in
+ start)
+ s="Starting $prog (via systemctl)"
+ ;;
+ stop)
+ s="Stopping $prog (via systemctl)"
+ ;;
+ reload|force-reload)
+ s="Reloading $prog configuration (via systemctl)"
+ ;;
+ try-restart)
+ s="Restarting $prog if running (via systemctl)"
+ ;;
+ restart)
+ s="Restarting $prog (via systemctl)"
+ ;;
+ esac
+
+ service="${prog%.sh}.service"
+
+ # avoid deadlocks during bootup and shutdown from units/hooks
+ # which call "invoke-rc.d service reload" and similar, since
+ # the synchronous wait plus systemd's normal behaviour of
+ # transactionally processing all dependencies first easily
+ # causes dependency loops
+ if ! OUT=$(systemctl is-system-running 2>/dev/null) && [ "$OUT" != "degraded" ]; then
+ sctl_args="--job-mode=ignore-dependencies"
+ fi
+
+ [ "$command" = status ] || log_daemon_msg "$s" "$service"
+ /bin/systemctl --no-pager $sctl_args $command "$service"
+ rc=$?
+ [ "$command" = status ] || log_end_msg $rc
+
+ return $rc
+}
+
+if [ "$_use_systemctl" = "1" ]; then
+ # Some init scripts use "set -e" and "set -u", we don't want that
+ # here
+ set +e
+ set +u
+
+ case "$argument" in
+ start|stop|restart|reload|force-reload|try-restart|status)
+ systemctl_redirect $executable $argument
+ exit $?
+ ;;
+ esac
+fi
diff --git a/debian/extra/initramfs-tools/hooks/udev b/debian/extra/initramfs-tools/hooks/udev
new file mode 100755
index 0000000000000000000000000000000000000000..6305d0970f6002c4846e7ee6ff1e920042ee08e3
--- /dev/null
+++ b/debian/extra/initramfs-tools/hooks/udev
@@ -0,0 +1,54 @@
+#!/bin/sh -e
+
+PREREQS=""
+
+prereqs() { echo "$PREREQS"; }
+
+case "$1" in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+. /usr/share/initramfs-tools/hook-functions
+
+mkdir -p "$DESTDIR/lib/systemd"
+copy_exec /lib/systemd/systemd-udevd /lib/systemd
+copy_exec /bin/udevadm /bin
+
+mkdir -p "$DESTDIR/etc/udev"
+cp -p /etc/udev/udev.conf "$DESTDIR/etc/udev/"
+
+# copy .link files containing interface naming definitions
+mkdir -p "$DESTDIR/lib/systemd/network/"
+find /lib/systemd/network -name '*.link' -execdir cp -pt "$DESTDIR/lib/systemd/network/" '{}' +
+if [ -d /etc/systemd/network ]; then
+ find /etc/systemd/network -name '*.link' -execdir cp -pt "$DESTDIR/lib/systemd/network/" '{}' +
+fi
+
+mkdir -p "$DESTDIR/lib/udev/rules.d/"
+for rules in 50-firmware.rules 50-udev-default.rules 60-persistent-storage.rules \
+ 61-persistent-storage-android.rules 71-seat.rules 73-special-net-names.rules \
+ 73-usb-net-by-mac.rules 75-net-description.rules \
+ 80-net-setup-link.rules 80-drivers.rules; do
+ if [ -e /etc/udev/rules.d/$rules ]; then
+ cp -p /etc/udev/rules.d/$rules "$DESTDIR/lib/udev/rules.d/"
+ elif [ -e /lib/udev/rules.d/$rules ]; then
+ cp -p /lib/udev/rules.d/$rules "$DESTDIR/lib/udev/rules.d/"
+ fi
+done
+
+# now copy all custom udev rules which don't have an equivalent in /lib (e. g.
+# 70-persistent-net.rules or similar); They might contain network names or
+# other bits which are relevant for the initramfs.
+for rules in /etc/udev/rules.d/*.rules; do
+ if [ -e "$rules" ] && [ ! -e "/lib/${rules#/etc/}" ]; then
+ cp -p "$rules" "$DESTDIR/lib/udev/rules.d/"
+ fi
+done
+
+for program in ata_id scsi_id; do
+ copy_exec /lib/udev/$program /lib/udev
+done
+copy_exec /sbin/blkid /sbin
diff --git a/debian/extra/initramfs-tools/scripts/init-bottom/udev b/debian/extra/initramfs-tools/scripts/init-bottom/udev
new file mode 100755
index 0000000000000000000000000000000000000000..a69d4921f8dff331eefd7bf21d08fb33802e3d26
--- /dev/null
+++ b/debian/extra/initramfs-tools/scripts/init-bottom/udev
@@ -0,0 +1,29 @@
+#!/bin/sh -e
+
+PREREQS=""
+
+prereqs() { echo "$PREREQS"; }
+
+case "$1" in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+# Stop udevd, we'll miss a few events while we run init, but we catch up
+udevadm control --exit
+
+# move the /dev tmpfs to the rootfs; fall back to util-linux mount that does
+# not understand -o move
+mount -n -o move /dev "${rootmnt:?}/dev" || mount -n --move /dev "${rootmnt}/dev"
+
+# create a temporary symlink to the final /dev for other initramfs scripts
+if command -v nuke >/dev/null; then
+ nuke /dev
+else
+ # shellcheck disable=SC2114
+ rm -rf /dev
+fi
+ln -s "${rootmnt}/dev" /dev
+
diff --git a/debian/extra/initramfs-tools/scripts/init-top/udev b/debian/extra/initramfs-tools/scripts/init-top/udev
new file mode 100755
index 0000000000000000000000000000000000000000..9bdfe8641800ae26447846ead03e4d61a15c10ed
--- /dev/null
+++ b/debian/extra/initramfs-tools/scripts/init-top/udev
@@ -0,0 +1,31 @@
+#!/bin/sh -e
+
+PREREQS=""
+
+prereqs() { echo "$PREREQS"; }
+
+case "$1" in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+if [ -w /sys/kernel/uevent_helper ]; then
+ echo > /sys/kernel/uevent_helper
+fi
+
+if [ "${quiet:-n}" = "y" ]; then
+ log_level=notice
+else
+ log_level=info
+fi
+
+SYSTEMD_LOG_LEVEL=$log_level /lib/systemd/systemd-udevd --daemon --resolve-names=never
+
+udevadm trigger --type=subsystems --action=add
+udevadm trigger --type=devices --action=add
+udevadm settle || true
+
+# Leave udev running to process events that come in out-of-band (like USB
+# connections)
diff --git a/debian/extra/kernel-install.d/85-initrd.install b/debian/extra/kernel-install.d/85-initrd.install
new file mode 100755
index 0000000000000000000000000000000000000000..ee6974d285b0ba1c8621b6c305096bb9154f45bd
--- /dev/null
+++ b/debian/extra/kernel-install.d/85-initrd.install
@@ -0,0 +1,29 @@
+#!/bin/sh
+set -eu
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+
+COMMAND="$1"
+KERNEL_VERSION="$2"
+BOOT_DIR_ABS="$3"
+
+INITRD_SRC="/boot/initrd.img-$KERNEL_VERSION"
+INITRD_DEST="$BOOT_DIR_ABS/initrd"
+
+if [ "$COMMAND" = remove ]; then
+ rm -f "$INITRD_DEST"
+ exit 0
+fi
+
+if [ "$COMMAND" != add ]; then
+ echo "Invalid command $COMMAND" >&2
+ exit 1
+fi
+
+if [ -e "$INITRD_SRC" ];then
+ cp "$INITRD_SRC" "$INITRD_DEST"
+else
+ echo "$INITRD_SRC does not exist, not installing an initrd"
+fi
+
+exit 0
diff --git a/debian/extra/make-fbdev-blacklist b/debian/extra/make-fbdev-blacklist
new file mode 100644
index 0000000000000000000000000000000000000000..826e2d5520f0b03fbda1ff758ae052887e35e415
--- /dev/null
+++ b/debian/extra/make-fbdev-blacklist
@@ -0,0 +1,48 @@
+#!/bin/sh
+# This script should be run before building the package every time a new
+# kernel is released.
+#
+# You should pass the name of the modules directory for a 486 flavour
+# kernel, as that has the most framebuffer modules.
+#
+# Also, obsolete modules should not be removed from the list until after
+# at least one stable release.
+
+set -e
+
+if [ $# = 0 ]; then
+ MODULES_DIR=/lib/modules/$(uname -r)
+else
+ MODULES_DIR="$1"
+fi
+
+BL='fbdev-blacklist.conf'
+
+if [ -e extra/$BL ]; then cd extra; fi
+
+{
+printf "# This file blacklists most old-style PCI framebuffer drivers.\n\n"
+
+find "$MODULES_DIR"/kernel/drivers/video -type f | sort | \
+while read file; do
+ name="$(basename $file .ko)"
+ case $name in
+ lxfb)
+ # This is needed for text consoles on OLPC XO-1, and it used to be
+ # built-in anyway.
+ ;;
+ viafb) ;; # Needed by OLPC XO-1.5
+ *)
+ /sbin/modinfo $file | grep -q '^alias: *pci:' \
+ && echo blacklist $name || true
+ ;;
+ esac
+done
+} > $BL.tmp
+
+if diff --unified=0 $BL $BL.tmp; then
+ rm $BL.tmp
+else
+ printf "\n\n\n$BL.tmp has changes!\n\n\n\n"
+fi
+
diff --git a/debian/extra/make-sysusers-basic b/debian/extra/make-sysusers-basic
new file mode 100755
index 0000000000000000000000000000000000000000..8ff1b15900d76b35962d1232de556a7044afc7d7
--- /dev/null
+++ b/debian/extra/make-sysusers-basic
@@ -0,0 +1,18 @@
+#!/bin/sh
+# generate a sysusers.d(5) file from Debian's static master passwd/group files
+set -eu
+
+echo '# generated from /usr/share/base-passwd/{passwd,group}.master'
+
+# only take groups whose name+gid != the corresponding user in passwd.master
+export IFS=:
+while read name _ id _; do
+ if ! grep -q "^$name:\*:$id:$id:" /usr/share/base-passwd/passwd.master; then
+ printf "g %-10s %-5s -\n" $name $id
+ fi
+done < /usr/share/base-passwd/group.master
+
+echo
+
+# treat "nobody:nogroup" specially: same ID, but different name, so prevent creating a "nobody" group
+awk -F: '{ i = ($3 == $4 && $4 != 65534) ? $3 : $3":"$4; printf("u %-10s %-7s - %-20s %s\n", $1,i,$6,$7) }' < /usr/share/base-passwd/passwd.master
diff --git a/debian/extra/pam-configs/systemd b/debian/extra/pam-configs/systemd
new file mode 100644
index 0000000000000000000000000000000000000000..5b56996a2bb77030fe11ee80e250f59081527aee
--- /dev/null
+++ b/debian/extra/pam-configs/systemd
@@ -0,0 +1,7 @@
+Name: Register user sessions in the systemd control group hierarchy
+Default: yes
+Priority: 0
+Session-Interactive-Only: yes
+Session-Type: Additional
+Session:
+ optional pam_systemd.so
diff --git a/debian/extra/pam.d/systemd-user b/debian/extra/pam.d/systemd-user
new file mode 100644
index 0000000000000000000000000000000000000000..45b2e5e8240ac0ef1c62e5239122ca10b8ce4dd3
--- /dev/null
+++ b/debian/extra/pam.d/systemd-user
@@ -0,0 +1,12 @@
+# This file is part of systemd.
+#
+# Used by systemd --user instances.
+
+@include common-account
+
+session required pam_selinux.so close
+session required pam_selinux.so nottys open
+session required pam_loginuid.so
+session required pam_limits.so
+@include common-session-noninteractive
+session optional pam_systemd.so
diff --git a/debian/extra/rules-ubuntu/40-vm-hotadd.rules b/debian/extra/rules-ubuntu/40-vm-hotadd.rules
new file mode 100644
index 0000000000000000000000000000000000000000..62a5a62bb1dcc7aa01b978386e2b767600228b74
--- /dev/null
+++ b/debian/extra/rules-ubuntu/40-vm-hotadd.rules
@@ -0,0 +1,14 @@
+# On Hyper-V and Xen Virtual Machines we want to add memory and cpus as soon as they appear
+ATTR{[dmi/id]sys_vendor}=="Microsoft Corporation", ATTR{[dmi/id]product_name}=="Virtual Machine", GOTO="vm_hotadd_apply"
+ATTR{[dmi/id]sys_vendor}=="Xen", GOTO="vm_hotadd_apply"
+GOTO="vm_hotadd_end"
+
+LABEL="vm_hotadd_apply"
+
+# Memory hotadd request
+SUBSYSTEM=="memory", ACTION=="add", DEVPATH=="/devices/system/memory/memory[0-9]*", TEST=="state", ATTR{state}="online"
+
+# CPU hotadd request
+SUBSYSTEM=="cpu", ACTION=="add", DEVPATH=="/devices/system/cpu/cpu[0-9]*", TEST=="online", ATTR{online}="1"
+
+LABEL="vm_hotadd_end"
diff --git a/debian/extra/rules-ubuntu/61-persistent-storage-android.rules b/debian/extra/rules-ubuntu/61-persistent-storage-android.rules
new file mode 100644
index 0000000000000000000000000000000000000000..6f4ac42dc0252cbe9836cfbb7a496af1aba5a19c
--- /dev/null
+++ b/debian/extra/rules-ubuntu/61-persistent-storage-android.rules
@@ -0,0 +1,7 @@
+# Android based kernel exports the uevent property PARTNAME, which can be
+# used to find out at run time the named partitions (e.g. boot) for the
+# device. This is specially useful for the Touch based images and flash-kernel,
+# to automatically update the kernel by writing at the correct partition
+# (independently of the hardware revision).
+ACTION!="remove", KERNEL=="mmcblk[0-9]p[0-9]", ENV{PARTNAME}=="?*", SYMLINK+="disk/by-partlabel/$env{PARTNAME}"
+
diff --git a/debian/extra/rules-ubuntu/71-power-switch-proliant.rules b/debian/extra/rules-ubuntu/71-power-switch-proliant.rules
new file mode 100644
index 0000000000000000000000000000000000000000..022baebf7452beeaad75ccfeb38b066186ac90d0
--- /dev/null
+++ b/debian/extra/rules-ubuntu/71-power-switch-proliant.rules
@@ -0,0 +1,2 @@
+ACTION!="remove", SUBSYSTEM=="input", KERNEL=="event*", SUBSYSTEMS=="platform", KERNELS=="gpio_keys.6|soc:gpio_keys", PROGRAM="/bin/cat /proc/device-tree/model", RESULT=="HP ProLiant m400 Server Cartridge", TAG+="power-switch"
+ACTION!="remove", SUBSYSTEM=="input", KERNEL=="event*", SUBSYSTEMS=="platform", KERNELS=="gpio_keys.12", ATTRS{keys}=="116", PROGRAM="/bin/cat /proc/device-tree/model", RESULT=="HP ProLiant m800 Server Cartridge", TAG+="power-switch"
diff --git a/debian/extra/rules-ubuntu/78-graphics-card.rules b/debian/extra/rules-ubuntu/78-graphics-card.rules
new file mode 100644
index 0000000000000000000000000000000000000000..b3b906cd06940b9ec9e5d7808f9f364107da8164
--- /dev/null
+++ b/debian/extra/rules-ubuntu/78-graphics-card.rules
@@ -0,0 +1,30 @@
+# do not edit this file, it will be overwritten on update
+
+ACTION!="add", GOTO="graphics_end"
+
+# Tag the drm device for KMS-supporting drivers as the primary device for
+# the display; for non-KMS drivers tag the framebuffer device instead.
+
+SUBSYSTEM!="drm", GOTO="drm_end"
+KERNEL!="card[0-9]*", GOTO="drm_end"
+ENV{DEVTYPE}!="drm_minor", GOTO="drm_end"
+
+DRIVERS=="i915", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1"
+DRIVERS=="radeon", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1"
+DRIVERS=="nouveau", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1"
+DRIVERS=="vmwgfx", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1"
+
+LABEL="drm_end"
+
+SUBSYSTEM!="graphics", GOTO="graphics_end"
+
+DRIVERS=="i915", GOTO="graphics_end"
+DRIVERS=="radeon", GOTO="graphics_end"
+DRIVERS=="nouveau", GOTO="graphics_end"
+DRIVERS=="efifb", GOTO="graphics_end"
+DRIVERS=="efi-framebuffer", GOTO="graphics_end"
+DRIVERS=="vesa-framebuffer", GOTO="graphics_end"
+
+KERNEL=="fb[0-9]*", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1"
+
+LABEL="graphics_end"
diff --git a/debian/extra/rules/50-firmware.rules b/debian/extra/rules/50-firmware.rules
new file mode 100644
index 0000000000000000000000000000000000000000..f7a08ce95e016dc1289ca4dfe98c72f393649c35
--- /dev/null
+++ b/debian/extra/rules/50-firmware.rules
@@ -0,0 +1,3 @@
+# stub for immediately telling the kernel that userspace firmware loading
+# failed; necessary to avoid long timeouts with CONFIG_FW_LOADER_USER_HELPER=y
+SUBSYSTEM=="firmware", ACTION=="add", ATTR{loading}="-1"
diff --git a/debian/extra/rules/73-special-net-names.rules b/debian/extra/rules/73-special-net-names.rules
new file mode 100644
index 0000000000000000000000000000000000000000..5e470a3409606558852816e6770e3d6bb1ec7385
--- /dev/null
+++ b/debian/extra/rules/73-special-net-names.rules
@@ -0,0 +1,14 @@
+# On Dell PowerEdge systems, the iDRAC7 and later support a USB Virtual NIC
+# which terminates in the iDRAC. Help identify this with 'idrac'
+ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb", ATTRS{idVendor}=="413c", ATTRS{idProduct}=="a102", NAME="idrac"
+
+# On IBM systems the Integrated Management Module is reachable using a
+# # USB Virtual NIC.
+ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb", \
+ ATTRS{idVendor}=="04b3", ATTRS{idProduct}=="0325", NAME="ibmimm"
+
+# ibmveth devices' $DEVPATH number is tied to (virtual) hardware (slot id
+# selected in the HMC), thus this provides a reliable naming (e. g.
+# "/devices/vio/30000002/net/eth1"); we ignore the bus number, as
+# there should only ever be one bus, and then remove leading zeros
+ACTION=="add", SUBSYSTEM=="net", NAME=="", DRIVERS=="ibmveth", PROGRAM="/bin/sh -ec 'D=${DEVPATH#*/vio/}; D=${D%%%%/*}; D=${D#????}; D=${D#0}; D=${D#0}; D=${D#0}; D=${D#0}; echo ${D:-0}'", NAME="ibmveth$result"
diff --git a/debian/extra/rules/73-usb-net-by-mac.rules b/debian/extra/rules/73-usb-net-by-mac.rules
new file mode 100644
index 0000000000000000000000000000000000000000..8969f5917649cc15e4555aceeb00240cb201ea47
--- /dev/null
+++ b/debian/extra/rules/73-usb-net-by-mac.rules
@@ -0,0 +1,15 @@
+# Use MAC based names for network interfaces which are directly or indirectly
+# on USB and have an universally administered (stable) MAC address (second bit
+# is 0). Don't do this when ifnames is disabled via kernel command line or
+# customizing/disabling 99-default.link (or previously 80-net-setup-link.rules).
+
+IMPORT{cmdline}="net.ifnames"
+ENV{net.ifnames}=="0", GOTO="usb_net_by_mac_end"
+
+ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb", NAME=="", \
+ ATTR{address}=="?[014589cd]:*", \
+ TEST!="/etc/udev/rules.d/80-net-setup-link.rules", \
+ TEST!="/etc/systemd/network/99-default.link", \
+ IMPORT{builtin}="net_id", NAME="$env{ID_NET_NAME_MAC}"
+
+LABEL="usb_net_by_mac_end"
diff --git a/debian/extra/rules/80-debian-compat.rules b/debian/extra/rules/80-debian-compat.rules
new file mode 100644
index 0000000000000000000000000000000000000000..fb8477ff703e32c76dbca15522bd57399fae0bdb
--- /dev/null
+++ b/debian/extra/rules/80-debian-compat.rules
@@ -0,0 +1,30 @@
+# Debian specific udev rules for backwards compatibility
+
+# needed for old tape drivers, http://bugs.debian.org/657948
+SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST!="[module/sg]", RUN{builtin}+="kmod load sg"
+
+# device permissions
+KERNEL=="mISDNtimer", GROUP="dialout"
+KERNEL=="mwave", GROUP="dialout"
+KERNEL=="nvram", GROUP="kmem", MODE="0640"
+KERNEL=="pktcdvd", GROUP="cdrom", MODE="0644"
+KERNEL=="lirc[0-9]*", GROUP="video"
+KERNEL=="legousbtower*", MODE="0666"
+KERNEL=="sonypi", MODE="0666"
+KERNEL=="mmtimer", MODE="0644"
+KERNEL=="sgi_*", MODE="0666"
+KERNEL=="z90crypt", MODE="0666"
+
+# These rules will create symlinks for CD/DVD drives, to help old
+# programs which are unable to automatically discover the devices.
+# The first detected device gets the symlink, but this is not stable across
+# reboots.
+ENV{ID_CDROM_CD_RW}=="?*", \
+ PROGRAM="/bin/sh -c 'ln -s %k /run/udev/link.cdrw 2>/dev/null; [ `readlink /run/udev/link.cdrw` = %k ]", \
+ SYMLINK+="cdrw", OPTIONS+="link_priority=-100"
+ENV{ID_CDROM_DVD}=="?*", \
+ PROGRAM="/bin/sh -c 'ln -s %k /run/udev/link.dvd 2>/dev/null; [ `readlink /run/udev/link.dvd` = %k ]", \
+ SYMLINK+="dvd", OPTIONS+="link_priority=-100"
+ENV{ID_CDROM_DVD_RW}=="?*", \
+ PROGRAM="/bin/sh -c 'ln -s %k /run/udev/link.dvdrw 2>/dev/null; [ `readlink /run/udev/link.dvdrw` = %k ]", \
+ SYMLINK+="dvdrw", OPTIONS+="link_priority=-100"
diff --git a/debian/extra/set-cpufreq b/debian/extra/set-cpufreq
new file mode 100755
index 0000000000000000000000000000000000000000..4ffe126da1257569d9ef6c781e2444e4d15a10d8
--- /dev/null
+++ b/debian/extra/set-cpufreq
@@ -0,0 +1,46 @@
+#! /bin/sh
+# Set the CPU Frequency Scaling governor to "ondemand"/"powersave" where available
+set -eu
+
+FIRSTCPU=`cut -f1 -d- /sys/devices/system/cpu/online`
+AVAILABLE="/sys/devices/system/cpu/cpu$FIRSTCPU/cpufreq/scaling_available_governors"
+DOWN_FACTOR="/sys/devices/system/cpu/cpufreq/ondemand/sampling_down_factor"
+
+[ -f $AVAILABLE ] || exit 0
+
+read governors < $AVAILABLE
+case $governors in
+ *interactive*)
+ GOVERNOR="interactive"
+ break
+ ;;
+ *ondemand*)
+ GOVERNOR="ondemand"
+ case $(uname -m) in
+ ppc64*)
+ SAMPLING=100
+ ;;
+ esac
+ break
+ ;;
+ *powersave*)
+ GOVERNOR="powersave"
+ break
+ ;;
+ *)
+ exit 0
+ ;;
+esac
+
+[ -n "${GOVERNOR:-}" ] || exit 0
+
+echo "Setting $GOVERNOR scheduler for all CPUs"
+
+for CPUFREQ in /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
+do
+ [ -f $CPUFREQ ] || continue
+ echo -n $GOVERNOR > $CPUFREQ
+done
+if [ -n "${SAMPLING:-}" ] && [ -f $DOWN_FACTOR ]; then
+ echo -n $SAMPLING > $DOWN_FACTOR
+fi
diff --git a/debian/extra/start-udev b/debian/extra/start-udev
new file mode 100755
index 0000000000000000000000000000000000000000..60489258e27264b85417e94c36a1909aa25295b9
--- /dev/null
+++ b/debian/extra/start-udev
@@ -0,0 +1,18 @@
+#!/bin/sh -e
+
+if [ -w /sys/kernel/uevent_helper ]; then
+ echo > /sys/kernel/uevent_helper
+fi
+
+if ! grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then
+ mount -n -o mode=0755 -t devtmpfs devtmpfs /dev
+fi
+
+SYSTEMD_LOG_LEVEL=notice /lib/systemd/systemd-udevd --daemon --resolve-names=never
+
+udevadm trigger --action=add
+
+mkdir -p /dev/pts
+mount -t devpts -o noexec,nosuid,gid=5,mode=0620 devpts /dev/pts
+
+udevadm settle || true
diff --git a/debian/extra/systemd-sysv-install b/debian/extra/systemd-sysv-install
new file mode 100755
index 0000000000000000000000000000000000000000..7e90dc2bd6b71a87d90d46380f1208a2928804d8
--- /dev/null
+++ b/debian/extra/systemd-sysv-install
@@ -0,0 +1,56 @@
+#!/bin/sh
+# This script is called by "systemctl enable/disable" when the given unit is a
+# SysV init.d script. It needs to call the distribution's mechanism for
+# enabling/disabling those, such as chkconfig, update-rc.d, or similar. This
+# can optionally take a --root argument for enabling a SysV init script
+# in a chroot or similar.
+set -eu
+
+usage() {
+ echo "Usage: $0 [--root=path] enable|disable|is-enabled <sysv script name>" >&2
+ exit 1
+}
+
+ROOT=
+
+# parse options
+eval set -- "$(getopt -o r: --long root: -- "$@")"
+while true; do
+ case "$1" in
+ -r|--root)
+ ROOT="$2"
+ shift 2 ;;
+ --) shift ; break ;;
+ *) usage ;;
+ esac
+done
+
+NAME="${2:-}"
+
+run() {
+ if [ -n "$ROOT" ] && [ "$ROOT" != "/" ]; then
+ _SKIP_SYSTEMD_NATIVE=1 chroot "$ROOT" /usr/sbin/update-rc.d "$@"
+ else
+ _SKIP_SYSTEMD_NATIVE=1 /usr/sbin/update-rc.d "$@"
+ fi
+}
+
+[ -n "$NAME" ] || usage
+
+case "$1" in
+ enable)
+ # call the command to enable SysV init script $NAME here..
+ run "$NAME" defaults
+ run "$NAME" enable
+ ;;
+ disable)
+ run "$NAME" defaults
+ run "$NAME" disable
+ ;;
+ is-enabled)
+ # exit with 0 if $NAME is enabled, non-zero if it is disabled
+ ls "$ROOT"/etc/rc[S5].d/S??"$NAME" >/dev/null 2>&1
+ ;;
+ *)
+ usage ;;
+esac
diff --git a/debian/extra/systemd.py b/debian/extra/systemd.py
new file mode 100644
index 0000000000000000000000000000000000000000..108e896e4d35173bdca7c323277082c4e53e04c6
--- /dev/null
+++ b/debian/extra/systemd.py
@@ -0,0 +1,29 @@
+'''apport package hook for systemd
+
+(c) 2014 Canonical Ltd.
+Author: Martin Pitt <martin.pitt@ubuntu.com>
+'''
+
+import os.path
+import apport.hookutils
+
+def add_info(report):
+ apport.hookutils.attach_hardware(report)
+
+ report['SystemdDelta'] = apport.hookutils.command_output(['systemd-delta'])
+
+ if not os.path.exists('/run/systemd/system'):
+ return
+
+ # Add details about all failed units, if any
+ out = apport.hookutils.command_output(['systemctl', '--state=failed', '--full',
+ '--no-legend']).strip()
+ if out:
+ failed = ''
+ for line in out.splitlines():
+ unit = line.split()[0]
+ if failed:
+ failed += '------\n'
+ failed += apport.hookutils.command_output(['systemctl', 'status', '--full', unit])
+ report['SystemdFailedUnits'] = failed
+
diff --git a/debian/extra/tmpfiles.d/debian.conf b/debian/extra/tmpfiles.d/debian.conf
new file mode 100644
index 0000000000000000000000000000000000000000..9061084495fa786bd38a62ae8ec661a7b64ac215
--- /dev/null
+++ b/debian/extra/tmpfiles.d/debian.conf
@@ -0,0 +1,14 @@
+# This file is part of the debianisation of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+# Type Path Mode UID GID Age Argument
+L /run/shm - - - - /dev/shm
+d /run/sendsigs.omit.d 0755 root root -
+
+L+ /etc/mtab - - - - ../proc/self/mounts
diff --git a/debian/extra/udev.py b/debian/extra/udev.py
new file mode 100644
index 0000000000000000000000000000000000000000..d8bc76f7ab1a4a6fdac9d3f12dc2b1f4324c3224
--- /dev/null
+++ b/debian/extra/udev.py
@@ -0,0 +1,19 @@
+'''apport package hook for udev
+
+(c) 2009 Canonical Ltd.
+Author: Martin Pitt <martin.pitt@ubuntu.com>
+'''
+
+import os
+import apport.hookutils
+
+def add_info(report):
+ apport.hookutils.attach_hardware(report)
+
+ user_rules = []
+ for f in os.listdir('/etc/udev/rules.d'):
+ if not f.startswith('70-persistent-') and f != 'README':
+ user_rules.append(f)
+
+ if user_rules:
+ report['CustomUdevRuleFiles'] = ' '.join(user_rules)
diff --git a/debian/extra/units-ubuntu/ondemand.service b/debian/extra/units-ubuntu/ondemand.service
new file mode 100644
index 0000000000000000000000000000000000000000..7edf84084e36ae289baaa9aaf50f9421e24f8c37
--- /dev/null
+++ b/debian/extra/units-ubuntu/ondemand.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Set the CPU Frequency Scaling governor
+ConditionVirtualization=no
+ConditionPathExists=/sys/devices/system/cpu/online
+# Don't run if we're going to start an Android LXC container on Ubuntu Touch
+ConditionPathExists=!/etc/init/lxc-android-config.conf
+
+[Service]
+Type=idle
+ExecStart=/lib/systemd/set-cpufreq
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/extra/units-ubuntu/user@.service.d/timeout.conf b/debian/extra/units-ubuntu/user@.service.d/timeout.conf
new file mode 100644
index 0000000000000000000000000000000000000000..213eb65136468528eaa6969a2117f2c74d1a66a6
--- /dev/null
+++ b/debian/extra/units-ubuntu/user@.service.d/timeout.conf
@@ -0,0 +1,4 @@
+# Avoid long hangs during shutdown if user services fail/hang due to X.org
+# going away too early
+[Service]
+TimeoutStopSec=5
diff --git a/debian/extra/units/getty-static.service b/debian/extra/units/getty-static.service
new file mode 100644
index 0000000000000000000000000000000000000000..0a1203f070fd8abb8e8747b9b7648edc7bf345e8
--- /dev/null
+++ b/debian/extra/units/getty-static.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=getty on tty2-tty6 if dbus and logind are not available
+ConditionPathExists=/dev/tty0
+ConditionPathExists=!/lib/systemd/system/dbus.service
+
+[Service]
+Type=oneshot
+ExecStart=/bin/systemctl --no-block start getty@tty2.service getty@tty3.service getty@tty4.service getty@tty5.service getty@tty6.service
+RemainAfterExit=true
+
diff --git a/debian/extra/units/rc-local.service.d/debian.conf b/debian/extra/units/rc-local.service.d/debian.conf
new file mode 100644
index 0000000000000000000000000000000000000000..ec77220af242f0305d32032d452b05c100ea11f8
--- /dev/null
+++ b/debian/extra/units/rc-local.service.d/debian.conf
@@ -0,0 +1,10 @@
+[Unit]
+# not specified by LSB, but has been behaving that way in Debian under SysV
+# init and upstart
+After=network-online.target
+
+# Often contains status messages which users expect to see on the console
+# during boot
+[Service]
+StandardOutput=journal+console
+StandardError=journal+console
diff --git a/debian/extra/units/systemd-resolved.service.d/resolvconf.conf b/debian/extra/units/systemd-resolved.service.d/resolvconf.conf
new file mode 100644
index 0000000000000000000000000000000000000000..98a7017ddce9839feab2646f43b4d203364497e0
--- /dev/null
+++ b/debian/extra/units/systemd-resolved.service.d/resolvconf.conf
@@ -0,0 +1,8 @@
+# tell resolvconf about resolved's builtin DNS server, so that DNS servers
+# picked up via networkd are respected when using resolvconf, and that software
+# like Chrome that does not do NSS (libnss-resolve) still gets proper DNS
+# resolution; do not remove the entry after stop though, as that leads to
+# timeouts on shutdown via the resolvconf hooks (see LP: #1648068)
+[Service]
+ExecStartPost=+/bin/sh -c '[ ! -e /run/resolvconf/enable-updates ] || echo "nameserver 127.0.0.53" | /sbin/resolvconf -a systemd-resolved'
+ReadWritePaths=-/run/resolvconf
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000000000000000000000000000000000000..d2c6eb7ddd685b80abaab7adf60f7ea6b2bbfbba
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,8 @@
+[DEFAULT]
+pristine-tar = False
+patch-numbers = False
+debian-branch = master
+
+[dch]
+full = True
+multimaint-merge = True
diff --git a/debian/git-cherry-pick b/debian/git-cherry-pick
new file mode 100755
index 0000000000000000000000000000000000000000..bb39ce8c32becc56f3f28ae51e3a8a5be7939a3e
--- /dev/null
+++ b/debian/git-cherry-pick
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+set -e
+
+if [ -z "$*" ] ; then
+ echo "Usage: $0 [commit [commit ..]]"
+ exit 1
+fi
+
+
+curbranch=$(git rev-parse --abbrev-ref HEAD)
+
+# assert we got a branch
+[ -n "$curbranch" ]
+
+if [ $curbranch = HEAD ] ; then
+ echo "You are not currently on a branch, cannot cherry-pick"
+ exit 1
+fi
+
+case $curbranch in
+ patch-queue/*)
+ debbranch=${curbranch/patch-queue\/}
+ pqbranch=$curbranch
+ ;;
+ *)
+ debbranch=$curbranch
+ pqbranch=patch-queue/$curbranch
+ ;;
+esac
+
+commits=$(git rev-parse "$@")
+
+if git rev-parse $pqbranch &>/dev/null ; then
+ echo
+ echo "Will recreate patch-queue branch $pqbranch"
+ echo "It was pointing to" $(git rev-parse $pqbranch)
+ echo
+fi
+
+gbp pq import --force
+
+echo "Cherry-picking the following commits:"
+echo "$commits"
+
+picks=$(echo "$commits" | xargs echo exec git cherry-pick -x --no-edit --commit)
+
+# find the first debian commit
+firstdebian=$(git log -i --grep "topic.*debian" --pretty=%h --reverse $debbranch..$pqbranch | head -1)
+
+sedexpr="/$firstdebian/i$picks"
+
+GIT_EDITOR="sed -i -e '$sedexpr'" git rebase --interactive --no-autosquash $debbranch
+
+
diff --git a/debian/libnss-myhostname.install b/debian/libnss-myhostname.install
new file mode 100644
index 0000000000000000000000000000000000000000..3db9104538c03a74fd69bb6047a64e514f115578
--- /dev/null
+++ b/debian/libnss-myhostname.install
@@ -0,0 +1,3 @@
+lib/*/libnss_myhostname*.so.*
+usr/share/man/man8/libnss_myhostname.so.2.8
+usr/share/man/man8/nss-myhostname.8
diff --git a/debian/libnss-myhostname.lintian-overrides b/debian/libnss-myhostname.lintian-overrides
new file mode 100644
index 0000000000000000000000000000000000000000..ff4d266a0f2c83c45cc48dec44ff89d6967357f8
--- /dev/null
+++ b/debian/libnss-myhostname.lintian-overrides
@@ -0,0 +1,2 @@
+# package is a NSS module, not a system library
+libnss-myhostname: package-name-doesnt-match-sonames
diff --git a/debian/libnss-myhostname.postinst b/debian/libnss-myhostname.postinst
new file mode 100644
index 0000000000000000000000000000000000000000..9fec7a3574c281f374f2dbd668c5f9e83de9f6ce
--- /dev/null
+++ b/debian/libnss-myhostname.postinst
@@ -0,0 +1,40 @@
+#!/bin/sh
+set -e
+
+# This code was taken from libnss-myhostname
+
+# try to insert myhostname entries to the "hosts" line in /etc/nsswitch.conf to
+# automatically enable libnss-myhostname support; do not change the
+# configuration if the "hosts" line already references some myhostname lookups
+insert_nss_entry() {
+ echo "Checking NSS setup..."
+ # abort if /etc/nsswitch.conf does not exist
+ if ! [ -e /etc/nsswitch.conf ]; then
+ echo "Could not find /etc/nsswitch.conf."
+ return
+ fi
+ perl -i -pe '
+ sub insert {
+ my $line = shift;
+ # this also splits on tab
+ my @bits=split(" ", $line);
+ # do not break configuration if the "hosts" line already references
+ # myhostname
+ if (grep { $_ eq "myhostname"} @bits) {
+ return $line;
+ }
+ # add myhostname at the end
+ return $line . " myhostname";
+ }
+ s/^(hosts:\s+)(.*)/$1.insert($2)/e;
+ ' /etc/nsswitch.conf
+}
+
+if [ "$1" = configure ] && [ -z "$2" ]; then
+ echo "First installation detected..."
+ # first install: setup the recommended configuration (unless
+ # nsswitch.conf already contains myhostname entries)
+ insert_nss_entry
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-myhostname.postrm b/debian/libnss-myhostname.postrm
new file mode 100644
index 0000000000000000000000000000000000000000..0a6d0f2eab02909dc013522d224e8e5c0913cb8b
--- /dev/null
+++ b/debian/libnss-myhostname.postrm
@@ -0,0 +1,28 @@
+#!/bin/sh
+set -e
+
+remove_nss_entry() {
+ local file=$1
+ local pkg=$2
+ local module=$3
+ refcount=$(dpkg-query -f '${db:Status-Abbrev} ${binary:Package}\n' \
+ -W $pkg | grep '^i' | wc -l)
+ if [ "$refcount" -gt 0 ] ; then
+ # package is installed for other architectures still, do nothing
+ return
+ fi
+ echo "Checking NSS setup..."
+ # abort if file does not exist
+ if ! [ -e $file ]; then
+ echo "Could not find ${file}."
+ return
+ fi
+ # we must remove possible [foo=bar] options as well
+ sed -i -r "/hosts:/ s/[[:space:]]+$module\b([[:space:]]*\[[^]]*\])*//" $file
+}
+
+if [ "$1" = remove ]; then
+ remove_nss_entry /etc/nsswitch.conf libnss-myhostname myhostname
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-mymachines.install b/debian/libnss-mymachines.install
new file mode 100644
index 0000000000000000000000000000000000000000..553011494cd515605a767de3d14465b01ad14a39
--- /dev/null
+++ b/debian/libnss-mymachines.install
@@ -0,0 +1,3 @@
+lib/*/libnss_mymachines*.so.*
+usr/share/man/man8/libnss_mymachines.so.2.8
+usr/share/man/man8/nss-mymachines.8
diff --git a/debian/libnss-mymachines.lintian-overrides b/debian/libnss-mymachines.lintian-overrides
new file mode 100644
index 0000000000000000000000000000000000000000..c9661e8be76782fc4ad67175dde4c8c7df8161d0
--- /dev/null
+++ b/debian/libnss-mymachines.lintian-overrides
@@ -0,0 +1,2 @@
+# package is a NSS module, not a system library
+libnss-mymachines: package-name-doesnt-match-sonames
diff --git a/debian/libnss-mymachines.postinst b/debian/libnss-mymachines.postinst
new file mode 100644
index 0000000000000000000000000000000000000000..f4b3f5ca98b354ac45f9d2e5c956129aec0fc71d
--- /dev/null
+++ b/debian/libnss-mymachines.postinst
@@ -0,0 +1,40 @@
+#!/bin/sh
+set -e
+
+# This code was taken from libnss-myhostname
+
+# try to insert mymachines entries to the "hosts" line in /etc/nsswitch.conf to
+# automatically enable libnss-mymachines support; do not change the
+# configuration if the "hosts" line already references some mymachines lookups
+insert_nss_entry() {
+ echo "Checking NSS setup..."
+ # abort if /etc/nsswitch.conf does not exist
+ if ! [ -e /etc/nsswitch.conf ]; then
+ echo "Could not find /etc/nsswitch.conf."
+ return
+ fi
+ perl -i -pe '
+ sub insert {
+ my $line = shift;
+ # this also splits on tab
+ my @bits=split(" ", $line);
+ # do not break configuration if the "hosts" line already references
+ # mymachines
+ if (grep { $_ eq "mymachines"} @bits) {
+ return $line;
+ }
+ # add mymachines at the end
+ return $line . " mymachines";
+ }
+ s/^(hosts:\s+)(.*)/$1.insert($2)/e;
+ ' /etc/nsswitch.conf
+}
+
+if [ "$1" = configure ] && [ -z "$2" ]; then
+ echo "First installation detected..."
+ # first install: setup the recommended configuration (unless
+ # nsswitch.conf already contains mymachines entries)
+ insert_nss_entry
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-mymachines.postrm b/debian/libnss-mymachines.postrm
new file mode 100644
index 0000000000000000000000000000000000000000..1318f2186237490221e6ae84c275de43ec58af59
--- /dev/null
+++ b/debian/libnss-mymachines.postrm
@@ -0,0 +1,28 @@
+#!/bin/sh
+set -e
+
+remove_nss_entry() {
+ local file=$1
+ local pkg=$2
+ local module=$3
+ refcount=$(dpkg-query -f '${db:Status-Abbrev} ${binary:Package}\n' \
+ -W $pkg | grep '^i' | wc -l)
+ if [ "$refcount" -gt 0 ] ; then
+ # package is installed for other architectures still, do nothing
+ return
+ fi
+ echo "Checking NSS setup..."
+ # abort if file does not exist
+ if ! [ -e $file ]; then
+ echo "Could not find ${file}."
+ return
+ fi
+ # we must remove possible [foo=bar] options as well
+ sed -i -r "/hosts:/ s/[[:space:]]+$module\b([[:space:]]*\[[^]]*\])*//" $file
+}
+
+if [ "$1" = remove ]; then
+ remove_nss_entry /etc/nsswitch.conf libnss-mymachines mymachines
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-resolve.install b/debian/libnss-resolve.install
new file mode 100644
index 0000000000000000000000000000000000000000..3ecf83449e2c264d52e64544bc95609621da4a27
--- /dev/null
+++ b/debian/libnss-resolve.install
@@ -0,0 +1,3 @@
+lib/*/libnss_resolve*.so.*
+usr/share/man/man8/libnss_resolve.so.2.8
+usr/share/man/man8/nss-resolve.8
diff --git a/debian/libnss-resolve.lintian-overrides b/debian/libnss-resolve.lintian-overrides
new file mode 100644
index 0000000000000000000000000000000000000000..dfd9ec41ee1091e327c35458dee1fc9b5d027a7d
--- /dev/null
+++ b/debian/libnss-resolve.lintian-overrides
@@ -0,0 +1,2 @@
+# package is a NSS module, not a system library
+libnss-resolve: package-name-doesnt-match-sonames
diff --git a/debian/libnss-resolve.postinst b/debian/libnss-resolve.postinst
new file mode 100644
index 0000000000000000000000000000000000000000..21b19c86ebc0fe64be0a31f3575a26dcde649eea
--- /dev/null
+++ b/debian/libnss-resolve.postinst
@@ -0,0 +1,55 @@
+#!/bin/sh
+set -e
+
+# This code was taken from libnss-myhostname
+
+# try to insert resolve entries to the "hosts" line in /etc/nsswitch.conf to
+# automatically enable libnss-resolve support; do not change the
+# configuration if the "hosts" line already references some resolve lookups
+insert_nss_entry() {
+ echo "Checking NSS setup..."
+ # abort if /etc/nsswitch.conf does not exist
+ if ! [ -e /etc/nsswitch.conf ]; then
+ echo "Could not find /etc/nsswitch.conf."
+ return
+ fi
+ perl -i -pe '
+ sub insert {
+ my $line = shift;
+ # this also splits on tab
+ my @bits=split(" ", $line);
+ # do not break configuration if the "hosts" line already references
+ # resolve
+ if (grep { $_ eq "resolve"} @bits) {
+ return $line;
+ }
+ # add resolve before dns
+ return join " ", map {
+ $_ eq "dns" ? ("resolve [!UNAVAIL=return]", "$_") : $_
+ } @bits;
+ }
+ s/^(hosts:\s+)(.*)/$1.insert($2)/e;
+ ' /etc/nsswitch.conf
+}
+
+if [ "$1" = configure ] && [ -z "$2" ]; then
+ echo "First installation detected..."
+ # first install: setup the recommended configuration (unless
+ # nsswitch.conf already contains resolve entries)
+ insert_nss_entry
+ # ... and enable resolved
+ systemctl enable systemd-resolved.service
+ if [ -d /run/systemd/system ]; then
+ deb-systemd-invoke start systemd-resolved.service || true
+ fi
+fi
+
+# Fix nsswitch action on upgrades
+if [ "$1" = configure ] && dpkg --compare-versions "$2" lt-nl "231-10"; then
+ if ! grep -q '^hosts:.*resolve[[:space:]]*\[' /etc/nsswitch.conf; then
+ echo "Adjusting 'resolv' entry in /etc/nsswitch.conf.."
+ sed -i '/^hosts:/ { s/resolve/& [!UNAVAIL=return]/}' /etc/nsswitch.conf
+ fi
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-resolve.postrm b/debian/libnss-resolve.postrm
new file mode 100644
index 0000000000000000000000000000000000000000..6f0f787f0d887b6db34a1ee5e88818afc03b67d8
--- /dev/null
+++ b/debian/libnss-resolve.postrm
@@ -0,0 +1,32 @@
+#!/bin/sh
+set -e
+
+remove_nss_entry() {
+ local file=$1
+ local pkg=$2
+ local module=$3
+ refcount=$(dpkg-query -f '${db:Status-Abbrev} ${binary:Package}\n' \
+ -W $pkg | grep '^i' | wc -l)
+ if [ "$refcount" -gt 0 ] ; then
+ # package is installed for other architectures still, do nothing
+ return
+ fi
+ echo "Checking NSS setup..."
+ # abort if file does not exist
+ if ! [ -e $file ]; then
+ echo "Could not find ${file}."
+ return
+ fi
+ # we must remove possible [foo=bar] options as well
+ sed -i -r "/hosts:/ s/[[:space:]]+$module\b([[:space:]]*\[[^]]*\])*//" $file
+}
+
+if [ "$1" = remove ]; then
+ remove_nss_entry /etc/nsswitch.conf libnss-resolve resolve
+ systemctl disable systemd-resolved.service
+ if [ -d /run/systemd/system ]; then
+ deb-systemd-invoke stop systemd-resolved.service || true
+ fi
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-systemd.install b/debian/libnss-systemd.install
new file mode 100644
index 0000000000000000000000000000000000000000..ade3da44b8103fc12b047152e1b4597eee50d692
--- /dev/null
+++ b/debian/libnss-systemd.install
@@ -0,0 +1,3 @@
+lib/*/libnss_systemd*.so.*
+usr/share/man/man8/libnss_systemd*
+usr/share/man/man8/nss-systemd*
diff --git a/debian/libnss-systemd.lintian-overrides b/debian/libnss-systemd.lintian-overrides
new file mode 100644
index 0000000000000000000000000000000000000000..8e9c4cb9be087972844f509f4bacec39f22c6d4d
--- /dev/null
+++ b/debian/libnss-systemd.lintian-overrides
@@ -0,0 +1,2 @@
+# package is a NSS module, not a system library
+libnss-systemd: package-name-doesnt-match-sonames
diff --git a/debian/libnss-systemd.postinst b/debian/libnss-systemd.postinst
new file mode 100644
index 0000000000000000000000000000000000000000..1dc3c4f2eaa11be160b1d128095afeda3b1d836d
--- /dev/null
+++ b/debian/libnss-systemd.postinst
@@ -0,0 +1,38 @@
+#!/bin/sh
+set -e
+
+# try to insert the systemd entry to the "passwd" and "group" lines in
+# /etc/nsswitch.conf to automatically enable libnss-systemd support; do not
+# change the configuration if the lines already contain "systemd"
+insert_nss_entry() {
+ echo "Checking NSS setup..."
+ # abort if /etc/nsswitch.conf does not exist
+ if ! [ -e /etc/nsswitch.conf ]; then
+ echo "Could not find /etc/nsswitch.conf."
+ return
+ fi
+ perl -i -pe '
+ sub insert {
+ my $line = shift;
+ # this also splits on tab
+ my @bits=split(" ", $line);
+ # do not break configuration if the line already references
+ # systemd
+ if (grep { $_ eq "systemd"} @bits) {
+ return $line;
+ }
+ # add systemd at the end
+ return $line . " systemd";
+ }
+ s/^(passwd:\s+)(.*)/$1.insert($2)/e;
+ s/^(group:\s+)(.*)/$1.insert($2)/e;
+ ' /etc/nsswitch.conf
+}
+
+if [ "$1" = configure ] && [ -z "$2" ]; then
+ echo "First installation detected..."
+ # first install: setup the recommended configuration
+ insert_nss_entry
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-systemd.postrm b/debian/libnss-systemd.postrm
new file mode 100644
index 0000000000000000000000000000000000000000..744cc3590eac4a541289aea1989dea99bf010d32
--- /dev/null
+++ b/debian/libnss-systemd.postrm
@@ -0,0 +1,28 @@
+#!/bin/sh
+set -e
+
+remove_nss_entry() {
+ local file=$1
+ local pkg=$2
+ local module=$3
+ refcount=$(dpkg-query -f '${db:Status-Abbrev} ${binary:Package}\n' \
+ -W $pkg | grep '^i' | wc -l)
+ if [ "$refcount" -gt 0 ] ; then
+ # package is installed for other architectures still, do nothing
+ return
+ fi
+ echo "Checking NSS setup..."
+ # abort if file does not exist
+ if ! [ -e $file ]; then
+ echo "Could not find ${file}."
+ return
+ fi
+ # we must remove possible [foo=bar] options as well
+ sed -i -r "/(passwd|group):/ s/[[:space:]]+$module\b([[:space:]]*\[[^]]*\])*//" $file
+}
+
+if [ "$1" = remove ]; then
+ remove_nss_entry /etc/nsswitch.conf libnss-systemd systemd
+fi
+
+#DEBHELPER#
diff --git a/debian/libpam-systemd.install b/debian/libpam-systemd.install
new file mode 100644
index 0000000000000000000000000000000000000000..df749da94015bd41828cd626bdfd0ce27936acef
--- /dev/null
+++ b/debian/libpam-systemd.install
@@ -0,0 +1,3 @@
+lib/*/security/pam_systemd.so
+usr/share/man/man8/pam_systemd.8
+../../extra/pam-configs usr/share/
diff --git a/debian/libpam-systemd.postinst b/debian/libpam-systemd.postinst
new file mode 100644
index 0000000000000000000000000000000000000000..c6177d8cc72b5fd1a7867029de6e126badeefd9c
--- /dev/null
+++ b/debian/libpam-systemd.postinst
@@ -0,0 +1,7 @@
+#! /bin/sh
+
+set -e
+
+pam-auth-update --package
+
+#DEBHELPER#
diff --git a/debian/libpam-systemd.prerm b/debian/libpam-systemd.prerm
new file mode 100644
index 0000000000000000000000000000000000000000..f51c108866df7db30ebc8418f7fe93ddae89cc52
--- /dev/null
+++ b/debian/libpam-systemd.prerm
@@ -0,0 +1,20 @@
+#! /bin/sh
+
+set -e
+
+# pam-auth-update --remove removes the named profile from the active config.
+# It arguably should be called during deconfigure as well, but deconfigure
+# can happen in some cases during a dist-upgrade and we don't want to
+# deconfigure all PAM modules in the middle of a dist-upgrade by accident.
+#
+# More importantly, with the current implementation, --remove also removes
+# all local preferences for the named config (such as whether it's enabled
+# or disabled), which we don't want to do on deconfigure.
+#
+# This may need to change later as pam-auth-update evolves.
+
+if [ "$1" = remove ] && [ "${DPKG_MAINTSCRIPT_PACKAGE_REFCOUNT:-1}" = 1 ]; then
+ pam-auth-update --package --remove systemd
+fi
+
+#DEBHELPER#
diff --git a/debian/libsystemd-dev.install b/debian/libsystemd-dev.install
new file mode 100644
index 0000000000000000000000000000000000000000..1ca8036e5602674d7c85cab6498035724d6689c8
--- /dev/null
+++ b/debian/libsystemd-dev.install
@@ -0,0 +1,5 @@
+lib/*/libsystemd.so
+usr/lib/*/pkgconfig/libsystemd.pc
+usr/include/systemd/
+usr/share/man/man3/sd*
+usr/share/man/man3/SD*
diff --git a/debian/libsystemd0.install b/debian/libsystemd0.install
new file mode 100644
index 0000000000000000000000000000000000000000..9cd022d66108a85ad6f2957ed8104cb88277a9c1
--- /dev/null
+++ b/debian/libsystemd0.install
@@ -0,0 +1 @@
+lib/*/libsystemd.so.*
diff --git a/debian/libsystemd0.symbols b/debian/libsystemd0.symbols
new file mode 100644
index 0000000000000000000000000000000000000000..8852a01ac6c7f4020fca570c550bcf774414cd4f
--- /dev/null
+++ b/debian/libsystemd0.symbols
@@ -0,0 +1,563 @@
+libsystemd.so.0 libsystemd0 #MINVER#
+* Build-Depends-Package: libsystemd-dev
+ LIBSYSTEMD_209@LIBSYSTEMD_209 0
+ LIBSYSTEMD_211@LIBSYSTEMD_211 211
+ LIBSYSTEMD_213@LIBSYSTEMD_213 213
+ LIBSYSTEMD_214@LIBSYSTEMD_214 214
+ LIBSYSTEMD_216@LIBSYSTEMD_216 217
+ LIBSYSTEMD_217@LIBSYSTEMD_217 217
+ LIBSYSTEMD_219@LIBSYSTEMD_219 219
+ LIBSYSTEMD_220@LIBSYSTEMD_220 220
+ LIBSYSTEMD_221@LIBSYSTEMD_221 221
+ LIBSYSTEMD_222@LIBSYSTEMD_222 222
+ LIBSYSTEMD_226@LIBSYSTEMD_226 226
+ LIBSYSTEMD_227@LIBSYSTEMD_227 227
+ LIBSYSTEMD_229@LIBSYSTEMD_229 229
+ LIBSYSTEMD_230@LIBSYSTEMD_230 230
+ LIBSYSTEMD_231@LIBSYSTEMD_231 231
+ LIBSYSTEMD_232@LIBSYSTEMD_232 232
+ LIBSYSTEMD_233@LIBSYSTEMD_233 233
+ LIBSYSTEMD_234@LIBSYSTEMD_234 234
+ LIBSYSTEMD_236@LIBSYSTEMD_236 236
+ LIBSYSTEMD_237@LIBSYSTEMD_237 237
+ LIBSYSTEMD_238@LIBSYSTEMD_238 238
+ LIBSYSTEMD_239@LIBSYSTEMD_239 239
+ LIBSYSTEMD_240@LIBSYSTEMD_240 240
+ sd_booted@LIBSYSTEMD_209 0
+ sd_bus_add_fallback@LIBSYSTEMD_221 221
+ sd_bus_add_fallback_vtable@LIBSYSTEMD_221 221
+ sd_bus_add_filter@LIBSYSTEMD_221 221
+ sd_bus_add_match@LIBSYSTEMD_221 221
+ sd_bus_add_match_async@LIBSYSTEMD_237 237
+ sd_bus_add_node_enumerator@LIBSYSTEMD_221 221
+ sd_bus_add_object@LIBSYSTEMD_221 221
+ sd_bus_add_object_manager@LIBSYSTEMD_221 221
+ sd_bus_add_object_vtable@LIBSYSTEMD_221 221
+ sd_bus_attach_event@LIBSYSTEMD_221 221
+ sd_bus_call@LIBSYSTEMD_221 221
+ sd_bus_call_async@LIBSYSTEMD_221 221
+ sd_bus_call_method@LIBSYSTEMD_221 221
+ sd_bus_call_method_async@LIBSYSTEMD_221 221
+ sd_bus_can_send@LIBSYSTEMD_221 221
+ sd_bus_close@LIBSYSTEMD_221 221
+ sd_bus_creds_get_audit_login_uid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_audit_session_id@LIBSYSTEMD_221 221
+ sd_bus_creds_get_augmented_mask@LIBSYSTEMD_221 221
+ sd_bus_creds_get_cgroup@LIBSYSTEMD_221 221
+ sd_bus_creds_get_cmdline@LIBSYSTEMD_221 221
+ sd_bus_creds_get_comm@LIBSYSTEMD_221 221
+ sd_bus_creds_get_description@LIBSYSTEMD_221 221
+ sd_bus_creds_get_egid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_euid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_exe@LIBSYSTEMD_221 221
+ sd_bus_creds_get_fsgid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_fsuid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_gid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_mask@LIBSYSTEMD_221 221
+ sd_bus_creds_get_owner_uid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_pid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_ppid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_selinux_context@LIBSYSTEMD_221 221
+ sd_bus_creds_get_session@LIBSYSTEMD_221 221
+ sd_bus_creds_get_sgid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_slice@LIBSYSTEMD_221 221
+ sd_bus_creds_get_suid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_supplementary_gids@LIBSYSTEMD_221 221
+ sd_bus_creds_get_tid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_tid_comm@LIBSYSTEMD_221 221
+ sd_bus_creds_get_tty@LIBSYSTEMD_221 221
+ sd_bus_creds_get_uid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_unique_name@LIBSYSTEMD_221 221
+ sd_bus_creds_get_unit@LIBSYSTEMD_221 221
+ sd_bus_creds_get_user_slice@LIBSYSTEMD_221 221
+ sd_bus_creds_get_user_unit@LIBSYSTEMD_221 221
+ sd_bus_creds_get_well_known_names@LIBSYSTEMD_221 221
+ sd_bus_creds_has_bounding_cap@LIBSYSTEMD_221 221
+ sd_bus_creds_has_effective_cap@LIBSYSTEMD_221 221
+ sd_bus_creds_has_inheritable_cap@LIBSYSTEMD_221 221
+ sd_bus_creds_has_permitted_cap@LIBSYSTEMD_221 221
+ sd_bus_creds_new_from_pid@LIBSYSTEMD_221 221
+ sd_bus_creds_ref@LIBSYSTEMD_221 221
+ sd_bus_creds_unref@LIBSYSTEMD_221 221
+ sd_bus_default@LIBSYSTEMD_221 221
+ sd_bus_default_flush_close@LIBSYSTEMD_227 227
+ sd_bus_default_system@LIBSYSTEMD_221 221
+ sd_bus_default_user@LIBSYSTEMD_221 221
+ sd_bus_detach_event@LIBSYSTEMD_221 221
+ sd_bus_emit_interfaces_added@LIBSYSTEMD_221 221
+ sd_bus_emit_interfaces_added_strv@LIBSYSTEMD_221 221
+ sd_bus_emit_interfaces_removed@LIBSYSTEMD_221 221
+ sd_bus_emit_interfaces_removed_strv@LIBSYSTEMD_221 221
+ sd_bus_emit_object_added@LIBSYSTEMD_222 222
+ sd_bus_emit_object_removed@LIBSYSTEMD_222 222
+ sd_bus_emit_properties_changed@LIBSYSTEMD_221 221
+ sd_bus_emit_properties_changed_strv@LIBSYSTEMD_221 221
+ sd_bus_emit_signal@LIBSYSTEMD_221 221
+ sd_bus_error_add_map@LIBSYSTEMD_221 221
+ sd_bus_error_copy@LIBSYSTEMD_221 221
+ sd_bus_error_free@LIBSYSTEMD_221 221
+ sd_bus_error_get_errno@LIBSYSTEMD_221 221
+ sd_bus_error_has_name@LIBSYSTEMD_221 221
+ sd_bus_error_is_set@LIBSYSTEMD_221 221
+ sd_bus_error_move@LIBSYSTEMD_240 240
+ sd_bus_error_set@LIBSYSTEMD_221 221
+ sd_bus_error_set_const@LIBSYSTEMD_221 221
+ sd_bus_error_set_errno@LIBSYSTEMD_221 221
+ sd_bus_error_set_errnof@LIBSYSTEMD_221 221
+ sd_bus_error_set_errnofv@LIBSYSTEMD_221 221
+ sd_bus_error_setf@LIBSYSTEMD_221 221
+ sd_bus_flush@LIBSYSTEMD_221 221
+ sd_bus_flush_close_unref@LIBSYSTEMD_222 222
+ sd_bus_get_address@LIBSYSTEMD_221 221
+ sd_bus_get_allow_interactive_authorization@LIBSYSTEMD_221 221
+ sd_bus_get_bus_id@LIBSYSTEMD_221 221
+ sd_bus_get_close_on_exit@LIBSYSTEMD_240 240
+ sd_bus_get_connected_signal@LIBSYSTEMD_237 237
+ sd_bus_get_creds_mask@LIBSYSTEMD_221 221
+ sd_bus_get_current_handler@LIBSYSTEMD_221 221
+ sd_bus_get_current_message@LIBSYSTEMD_221 221
+ sd_bus_get_current_slot@LIBSYSTEMD_221 221
+ sd_bus_get_current_userdata@LIBSYSTEMD_221 221
+ sd_bus_get_description@LIBSYSTEMD_221 221
+ sd_bus_get_event@LIBSYSTEMD_221 221
+ sd_bus_get_events@LIBSYSTEMD_221 221
+ sd_bus_get_exit_on_disconnect@LIBSYSTEMD_232 232
+ sd_bus_get_fd@LIBSYSTEMD_221 221
+ sd_bus_get_method_call_timeout@LIBSYSTEMD_240 240
+ sd_bus_get_n_queued_read@LIBSYSTEMD_238 238
+ sd_bus_get_n_queued_write@LIBSYSTEMD_238 238
+ sd_bus_get_name_creds@LIBSYSTEMD_221 221
+ sd_bus_get_name_machine_id@LIBSYSTEMD_221 221
+ sd_bus_get_owner_creds@LIBSYSTEMD_221 221
+ sd_bus_get_property@LIBSYSTEMD_221 221
+ sd_bus_get_property_string@LIBSYSTEMD_221 221
+ sd_bus_get_property_strv@LIBSYSTEMD_221 221
+ sd_bus_get_property_trivial@LIBSYSTEMD_221 221
+ sd_bus_get_scope@LIBSYSTEMD_221 221
+ sd_bus_get_sender@LIBSYSTEMD_237 237
+ sd_bus_get_tid@LIBSYSTEMD_221 221
+ sd_bus_get_timeout@LIBSYSTEMD_221 221
+ sd_bus_get_unique_name@LIBSYSTEMD_221 221
+ sd_bus_get_watch_bind@LIBSYSTEMD_237 237
+ sd_bus_is_anonymous@LIBSYSTEMD_221 221
+ sd_bus_is_bus_client@LIBSYSTEMD_221 221
+ sd_bus_is_monitor@LIBSYSTEMD_221 221
+ sd_bus_is_open@LIBSYSTEMD_221 221
+ sd_bus_is_ready@LIBSYSTEMD_237 237
+ sd_bus_is_server@LIBSYSTEMD_221 221
+ sd_bus_is_trusted@LIBSYSTEMD_221 221
+ sd_bus_list_names@LIBSYSTEMD_221 221
+ sd_bus_match_signal@LIBSYSTEMD_237 237
+ sd_bus_match_signal_async@LIBSYSTEMD_237 237
+ sd_bus_message_append@LIBSYSTEMD_221 221
+ sd_bus_message_append_array@LIBSYSTEMD_221 221
+ sd_bus_message_append_array_iovec@LIBSYSTEMD_221 221
+ sd_bus_message_append_array_memfd@LIBSYSTEMD_221 221
+ sd_bus_message_append_array_space@LIBSYSTEMD_221 221
+ sd_bus_message_append_basic@LIBSYSTEMD_221 221
+ sd_bus_message_append_string_iovec@LIBSYSTEMD_221 221
+ sd_bus_message_append_string_memfd@LIBSYSTEMD_221 221
+ sd_bus_message_append_string_space@LIBSYSTEMD_221 221
+ sd_bus_message_append_strv@LIBSYSTEMD_221 221
+ sd_bus_message_appendv@LIBSYSTEMD_234 234
+ sd_bus_message_at_end@LIBSYSTEMD_221 221
+ sd_bus_message_close_container@LIBSYSTEMD_221 221
+ sd_bus_message_copy@LIBSYSTEMD_221 221
+ sd_bus_message_enter_container@LIBSYSTEMD_221 221
+ sd_bus_message_exit_container@LIBSYSTEMD_221 221
+ sd_bus_message_get_allow_interactive_authorization@LIBSYSTEMD_221 221
+ sd_bus_message_get_auto_start@LIBSYSTEMD_221 221
+ sd_bus_message_get_bus@LIBSYSTEMD_221 221
+ sd_bus_message_get_cookie@LIBSYSTEMD_221 221
+ sd_bus_message_get_creds@LIBSYSTEMD_221 221
+ sd_bus_message_get_destination@LIBSYSTEMD_221 221
+ sd_bus_message_get_errno@LIBSYSTEMD_221 221
+ sd_bus_message_get_error@LIBSYSTEMD_221 221
+ sd_bus_message_get_expect_reply@LIBSYSTEMD_221 221
+ sd_bus_message_get_interface@LIBSYSTEMD_221 221
+ sd_bus_message_get_member@LIBSYSTEMD_221 221
+ sd_bus_message_get_monotonic_usec@LIBSYSTEMD_221 221
+ sd_bus_message_get_path@LIBSYSTEMD_221 221
+ sd_bus_message_get_priority@LIBSYSTEMD_221 221
+ sd_bus_message_get_realtime_usec@LIBSYSTEMD_221 221
+ sd_bus_message_get_reply_cookie@LIBSYSTEMD_221 221
+ sd_bus_message_get_sender@LIBSYSTEMD_221 221
+ sd_bus_message_get_seqnum@LIBSYSTEMD_221 221
+ sd_bus_message_get_signature@LIBSYSTEMD_221 221
+ sd_bus_message_get_type@LIBSYSTEMD_221 221
+ sd_bus_message_has_signature@LIBSYSTEMD_221 221
+ sd_bus_message_is_empty@LIBSYSTEMD_221 221
+ sd_bus_message_is_method_call@LIBSYSTEMD_221 221
+ sd_bus_message_is_method_error@LIBSYSTEMD_221 221
+ sd_bus_message_is_signal@LIBSYSTEMD_221 221
+ sd_bus_message_new@LIBSYSTEMD_236 236
+ sd_bus_message_new_method_call@LIBSYSTEMD_221 221
+ sd_bus_message_new_method_errno@LIBSYSTEMD_221 221
+ sd_bus_message_new_method_errnof@LIBSYSTEMD_221 221
+ sd_bus_message_new_method_error@LIBSYSTEMD_221 221
+ sd_bus_message_new_method_errorf@LIBSYSTEMD_221 221
+ sd_bus_message_new_method_return@LIBSYSTEMD_221 221
+ sd_bus_message_new_signal@LIBSYSTEMD_221 221
+ sd_bus_message_open_container@LIBSYSTEMD_221 221
+ sd_bus_message_peek_type@LIBSYSTEMD_221 221
+ sd_bus_message_read@LIBSYSTEMD_221 221
+ sd_bus_message_read_array@LIBSYSTEMD_221 221
+ sd_bus_message_read_basic@LIBSYSTEMD_221 221
+ sd_bus_message_read_strv@LIBSYSTEMD_221 221
+ sd_bus_message_readv@LIBSYSTEMD_240 240
+ sd_bus_message_ref@LIBSYSTEMD_221 221
+ sd_bus_message_rewind@LIBSYSTEMD_221 221
+ sd_bus_message_seal@LIBSYSTEMD_236 236
+ sd_bus_message_set_allow_interactive_authorization@LIBSYSTEMD_221 221
+ sd_bus_message_set_auto_start@LIBSYSTEMD_221 221
+ sd_bus_message_set_destination@LIBSYSTEMD_221 221
+ sd_bus_message_set_expect_reply@LIBSYSTEMD_221 221
+ sd_bus_message_set_priority@LIBSYSTEMD_221 221
+ sd_bus_message_set_sender@LIBSYSTEMD_237 237
+ sd_bus_message_skip@LIBSYSTEMD_221 221
+ sd_bus_message_unref@LIBSYSTEMD_221 221
+ sd_bus_message_verify_type@LIBSYSTEMD_221 221
+ sd_bus_negotiate_creds@LIBSYSTEMD_221 221
+ sd_bus_negotiate_fds@LIBSYSTEMD_221 221
+ sd_bus_negotiate_timestamp@LIBSYSTEMD_221 221
+ sd_bus_new@LIBSYSTEMD_221 221
+ sd_bus_open@LIBSYSTEMD_221 221
+ sd_bus_open_system@LIBSYSTEMD_221 221
+ sd_bus_open_system_machine@LIBSYSTEMD_221 221
+ sd_bus_open_system_remote@LIBSYSTEMD_221 221
+ sd_bus_open_system_with_description@LIBSYSTEMD_239 239
+ sd_bus_open_user@LIBSYSTEMD_221 221
+ sd_bus_open_user_with_description@LIBSYSTEMD_239 239
+ sd_bus_open_with_description@LIBSYSTEMD_239 239
+ sd_bus_path_decode@LIBSYSTEMD_221 221
+ sd_bus_path_decode_many@LIBSYSTEMD_227 227
+ sd_bus_path_encode@LIBSYSTEMD_221 221
+ sd_bus_path_encode_many@LIBSYSTEMD_227 227
+ sd_bus_process@LIBSYSTEMD_221 221
+ sd_bus_process_priority@LIBSYSTEMD_221 221
+ sd_bus_query_sender_creds@LIBSYSTEMD_221 221
+ sd_bus_query_sender_privilege@LIBSYSTEMD_221 221
+ sd_bus_ref@LIBSYSTEMD_221 221
+ sd_bus_release_name@LIBSYSTEMD_221 221
+ sd_bus_release_name_async@LIBSYSTEMD_237 237
+ sd_bus_reply_method_errno@LIBSYSTEMD_221 221
+ sd_bus_reply_method_errnof@LIBSYSTEMD_221 221
+ sd_bus_reply_method_error@LIBSYSTEMD_221 221
+ sd_bus_reply_method_errorf@LIBSYSTEMD_221 221
+ sd_bus_reply_method_return@LIBSYSTEMD_221 221
+ sd_bus_request_name@LIBSYSTEMD_221 221
+ sd_bus_request_name_async@LIBSYSTEMD_237 237
+ sd_bus_send@LIBSYSTEMD_221 221
+ sd_bus_send_to@LIBSYSTEMD_221 221
+ sd_bus_set_address@LIBSYSTEMD_221 221
+ sd_bus_set_allow_interactive_authorization@LIBSYSTEMD_221 221
+ sd_bus_set_anonymous@LIBSYSTEMD_221 221
+ sd_bus_set_bus_client@LIBSYSTEMD_221 221
+ sd_bus_set_close_on_exit@LIBSYSTEMD_240 240
+ sd_bus_set_connected_signal@LIBSYSTEMD_237 237
+ sd_bus_set_description@LIBSYSTEMD_221 221
+ sd_bus_set_exec@LIBSYSTEMD_221 221
+ sd_bus_set_exit_on_disconnect@LIBSYSTEMD_232 232
+ sd_bus_set_fd@LIBSYSTEMD_221 221
+ sd_bus_set_method_call_timeout@LIBSYSTEMD_240 240
+ sd_bus_set_monitor@LIBSYSTEMD_221 221
+ sd_bus_set_property@LIBSYSTEMD_221 221
+ sd_bus_set_sender@LIBSYSTEMD_237 237
+ sd_bus_set_server@LIBSYSTEMD_221 221
+ sd_bus_set_trusted@LIBSYSTEMD_221 221
+ sd_bus_set_watch_bind@LIBSYSTEMD_237 237
+ sd_bus_slot_get_bus@LIBSYSTEMD_221 221
+ sd_bus_slot_get_current_handler@LIBSYSTEMD_221 221
+ sd_bus_slot_get_current_message@LIBSYSTEMD_221 221
+ sd_bus_slot_get_current_userdata@LIBSYSTEMD_221 221
+ sd_bus_slot_get_description@LIBSYSTEMD_221 221
+ sd_bus_slot_get_destroy_callback@LIBSYSTEMD_239 239
+ sd_bus_slot_get_floating@LIBSYSTEMD_239 239
+ sd_bus_slot_get_userdata@LIBSYSTEMD_221 221
+ sd_bus_slot_ref@LIBSYSTEMD_221 221
+ sd_bus_slot_set_description@LIBSYSTEMD_221 221
+ sd_bus_slot_set_destroy_callback@LIBSYSTEMD_239 239
+ sd_bus_slot_set_floating@LIBSYSTEMD_239 239
+ sd_bus_slot_set_userdata@LIBSYSTEMD_221 221
+ sd_bus_slot_unref@LIBSYSTEMD_221 221
+ sd_bus_start@LIBSYSTEMD_221 221
+ sd_bus_track_add_name@LIBSYSTEMD_221 221
+ sd_bus_track_add_sender@LIBSYSTEMD_221 221
+ sd_bus_track_contains@LIBSYSTEMD_221 221
+ sd_bus_track_count@LIBSYSTEMD_221 221
+ sd_bus_track_count_name@LIBSYSTEMD_232 232
+ sd_bus_track_count_sender@LIBSYSTEMD_232 232
+ sd_bus_track_first@LIBSYSTEMD_221 221
+ sd_bus_track_get_bus@LIBSYSTEMD_221 221
+ sd_bus_track_get_destroy_callback@LIBSYSTEMD_239 239
+ sd_bus_track_get_recursive@LIBSYSTEMD_232 232
+ sd_bus_track_get_userdata@LIBSYSTEMD_221 221
+ sd_bus_track_new@LIBSYSTEMD_221 221
+ sd_bus_track_next@LIBSYSTEMD_221 221
+ sd_bus_track_ref@LIBSYSTEMD_221 221
+ sd_bus_track_remove_name@LIBSYSTEMD_221 221
+ sd_bus_track_remove_sender@LIBSYSTEMD_221 221
+ sd_bus_track_set_destroy_callback@LIBSYSTEMD_239 239
+ sd_bus_track_set_recursive@LIBSYSTEMD_232 232
+ sd_bus_track_set_userdata@LIBSYSTEMD_221 221
+ sd_bus_track_unref@LIBSYSTEMD_221 221
+ sd_bus_try_close@LIBSYSTEMD_221 221
+ sd_bus_unref@LIBSYSTEMD_221 221
+ sd_bus_wait@LIBSYSTEMD_221 221
+ sd_device_enumerator_add_match_parent@LIBSYSTEMD_240 240
+ sd_device_enumerator_add_match_property@LIBSYSTEMD_240 240
+ sd_device_enumerator_add_match_subsystem@LIBSYSTEMD_240 240
+ sd_device_enumerator_add_match_sysattr@LIBSYSTEMD_240 240
+ sd_device_enumerator_add_match_sysname@LIBSYSTEMD_240 240
+ sd_device_enumerator_add_match_tag@LIBSYSTEMD_240 240
+ sd_device_enumerator_allow_uninitialized@LIBSYSTEMD_240 240
+ sd_device_enumerator_get_device_first@LIBSYSTEMD_240 240
+ sd_device_enumerator_get_device_next@LIBSYSTEMD_240 240
+ sd_device_enumerator_get_subsystem_first@LIBSYSTEMD_240 240
+ sd_device_enumerator_get_subsystem_next@LIBSYSTEMD_240 240
+ sd_device_enumerator_new@LIBSYSTEMD_240 240
+ sd_device_enumerator_ref@LIBSYSTEMD_240 240
+ sd_device_enumerator_unref@LIBSYSTEMD_240 240
+ sd_device_get_devlink_first@LIBSYSTEMD_240 240
+ sd_device_get_devlink_next@LIBSYSTEMD_240 240
+ sd_device_get_devname@LIBSYSTEMD_240 240
+ sd_device_get_devnum@LIBSYSTEMD_240 240
+ sd_device_get_devpath@LIBSYSTEMD_240 240
+ sd_device_get_devtype@LIBSYSTEMD_240 240
+ sd_device_get_driver@LIBSYSTEMD_240 240
+ sd_device_get_ifindex@LIBSYSTEMD_240 240
+ sd_device_get_is_initialized@LIBSYSTEMD_240 240
+ sd_device_get_parent@LIBSYSTEMD_240 240
+ sd_device_get_parent_with_subsystem_devtype@LIBSYSTEMD_240 240
+ sd_device_get_property_first@LIBSYSTEMD_240 240
+ sd_device_get_property_next@LIBSYSTEMD_240 240
+ sd_device_get_property_value@LIBSYSTEMD_240 240
+ sd_device_get_subsystem@LIBSYSTEMD_240 240
+ sd_device_get_sysattr_first@LIBSYSTEMD_240 240
+ sd_device_get_sysattr_next@LIBSYSTEMD_240 240
+ sd_device_get_sysattr_value@LIBSYSTEMD_240 240
+ sd_device_get_sysname@LIBSYSTEMD_240 240
+ sd_device_get_sysnum@LIBSYSTEMD_240 240
+ sd_device_get_syspath@LIBSYSTEMD_240 240
+ sd_device_get_tag_first@LIBSYSTEMD_240 240
+ sd_device_get_tag_next@LIBSYSTEMD_240 240
+ sd_device_get_usec_since_initialized@LIBSYSTEMD_240 240
+ sd_device_has_tag@LIBSYSTEMD_240 240
+ sd_device_monitor_attach_event@LIBSYSTEMD_240 240
+ sd_device_monitor_detach_event@LIBSYSTEMD_240 240
+ sd_device_monitor_filter_add_match_subsystem_devtype@LIBSYSTEMD_240 240
+ sd_device_monitor_filter_add_match_tag@LIBSYSTEMD_240 240
+ sd_device_monitor_filter_remove@LIBSYSTEMD_240 240
+ sd_device_monitor_filter_update@LIBSYSTEMD_240 240
+ sd_device_monitor_get_event@LIBSYSTEMD_240 240
+ sd_device_monitor_get_event_source@LIBSYSTEMD_240 240
+ sd_device_monitor_new@LIBSYSTEMD_240 240
+ sd_device_monitor_ref@LIBSYSTEMD_240 240
+ sd_device_monitor_set_receive_buffer_size@LIBSYSTEMD_240 240
+ sd_device_monitor_start@LIBSYSTEMD_240 240
+ sd_device_monitor_stop@LIBSYSTEMD_240 240
+ sd_device_monitor_unref@LIBSYSTEMD_240 240
+ sd_device_new_from_device_id@LIBSYSTEMD_240 240
+ sd_device_new_from_devnum@LIBSYSTEMD_240 240
+ sd_device_new_from_subsystem_sysname@LIBSYSTEMD_240 240
+ sd_device_new_from_syspath@LIBSYSTEMD_240 240
+ sd_device_ref@LIBSYSTEMD_240 240
+ sd_device_set_sysattr_value@LIBSYSTEMD_240 240
+ sd_device_unref@LIBSYSTEMD_240 240
+ sd_event_add_child@LIBSYSTEMD_221 221
+ sd_event_add_defer@LIBSYSTEMD_221 221
+ sd_event_add_exit@LIBSYSTEMD_221 221
+ sd_event_add_inotify@LIBSYSTEMD_239 239
+ sd_event_add_io@LIBSYSTEMD_221 221
+ sd_event_add_post@LIBSYSTEMD_221 221
+ sd_event_add_signal@LIBSYSTEMD_221 221
+ sd_event_add_time@LIBSYSTEMD_221 221
+ sd_event_default@LIBSYSTEMD_221 221
+ sd_event_dispatch@LIBSYSTEMD_221 221
+ sd_event_exit@LIBSYSTEMD_221 221
+ sd_event_get_exit_code@LIBSYSTEMD_221 221
+ sd_event_get_fd@LIBSYSTEMD_221 221
+ sd_event_get_iteration@LIBSYSTEMD_231 231
+ sd_event_get_state@LIBSYSTEMD_221 221
+ sd_event_get_tid@LIBSYSTEMD_221 221
+ sd_event_get_watchdog@LIBSYSTEMD_221 221
+ sd_event_loop@LIBSYSTEMD_221 221
+ sd_event_new@LIBSYSTEMD_221 221
+ sd_event_now@LIBSYSTEMD_221 221
+ sd_event_prepare@LIBSYSTEMD_221 221
+ sd_event_ref@LIBSYSTEMD_221 221
+ sd_event_run@LIBSYSTEMD_221 221
+ sd_event_set_watchdog@LIBSYSTEMD_221 221
+ sd_event_source_get_child_pid@LIBSYSTEMD_221 221
+ sd_event_source_get_description@LIBSYSTEMD_221 221
+ sd_event_source_get_destroy_callback@LIBSYSTEMD_239 239
+ sd_event_source_get_enabled@LIBSYSTEMD_221 221
+ sd_event_source_get_event@LIBSYSTEMD_221 221
+ sd_event_source_get_floating@LIBSYSTEMD_240 240
+ sd_event_source_get_inotify_mask@LIBSYSTEMD_239 239
+ sd_event_source_get_io_events@LIBSYSTEMD_221 221
+ sd_event_source_get_io_fd@LIBSYSTEMD_221 221
+ sd_event_source_get_io_fd_own@LIBSYSTEMD_237 237
+ sd_event_source_get_io_revents@LIBSYSTEMD_221 221
+ sd_event_source_get_pending@LIBSYSTEMD_221 221
+ sd_event_source_get_priority@LIBSYSTEMD_221 221
+ sd_event_source_get_signal@LIBSYSTEMD_221 221
+ sd_event_source_get_time@LIBSYSTEMD_221 221
+ sd_event_source_get_time_accuracy@LIBSYSTEMD_221 221
+ sd_event_source_get_time_clock@LIBSYSTEMD_221 221
+ sd_event_source_get_userdata@LIBSYSTEMD_221 221
+ sd_event_source_ref@LIBSYSTEMD_221 221
+ sd_event_source_set_description@LIBSYSTEMD_221 221
+ sd_event_source_set_destroy_callback@LIBSYSTEMD_239 239
+ sd_event_source_set_enabled@LIBSYSTEMD_221 221
+ sd_event_source_set_floating@LIBSYSTEMD_240 240
+ sd_event_source_set_io_events@LIBSYSTEMD_221 221
+ sd_event_source_set_io_fd@LIBSYSTEMD_221 221
+ sd_event_source_set_io_fd_own@LIBSYSTEMD_237 237
+ sd_event_source_set_prepare@LIBSYSTEMD_221 221
+ sd_event_source_set_priority@LIBSYSTEMD_221 221
+ sd_event_source_set_time@LIBSYSTEMD_221 221
+ sd_event_source_set_time_accuracy@LIBSYSTEMD_221 221
+ sd_event_source_set_userdata@LIBSYSTEMD_221 221
+ sd_event_source_unref@LIBSYSTEMD_221 221
+ sd_event_unref@LIBSYSTEMD_221 221
+ sd_event_wait@LIBSYSTEMD_221 221
+ sd_get_machine_names@LIBSYSTEMD_209 0
+ sd_get_seats@LIBSYSTEMD_209 0
+ sd_get_sessions@LIBSYSTEMD_209 0
+ sd_get_uids@LIBSYSTEMD_209 0
+ sd_hwdb_enumerate@LIBSYSTEMD_240 240
+ sd_hwdb_get@LIBSYSTEMD_240 240
+ sd_hwdb_new@LIBSYSTEMD_240 240
+ sd_hwdb_ref@LIBSYSTEMD_240 240
+ sd_hwdb_seek@LIBSYSTEMD_240 240
+ sd_hwdb_unref@LIBSYSTEMD_240 240
+ sd_id128_from_string@LIBSYSTEMD_209 0
+ sd_id128_get_boot@LIBSYSTEMD_209 0
+ sd_id128_get_boot_app_specific@LIBSYSTEMD_240 240
+ sd_id128_get_invocation@LIBSYSTEMD_232 232
+ sd_id128_get_machine@LIBSYSTEMD_209 0
+ sd_id128_get_machine_app_specific@LIBSYSTEMD_233 233
+ sd_id128_randomize@LIBSYSTEMD_209 0
+ sd_id128_to_string@LIBSYSTEMD_209 0
+ sd_is_fifo@LIBSYSTEMD_209 0
+ sd_is_mq@LIBSYSTEMD_209 0
+ sd_is_socket@LIBSYSTEMD_209 0
+ sd_is_socket_inet@LIBSYSTEMD_209 0
+ sd_is_socket_sockaddr@LIBSYSTEMD_233 233
+ sd_is_socket_unix@LIBSYSTEMD_209 0
+ sd_is_special@LIBSYSTEMD_209 0
+ sd_journal_add_conjunction@LIBSYSTEMD_209 0
+ sd_journal_add_disjunction@LIBSYSTEMD_209 0
+ sd_journal_add_match@LIBSYSTEMD_209 0
+ sd_journal_close@LIBSYSTEMD_209 0
+ sd_journal_enumerate_data@LIBSYSTEMD_209 0
+ sd_journal_enumerate_fields@LIBSYSTEMD_229 229
+ sd_journal_enumerate_unique@LIBSYSTEMD_209 0
+ sd_journal_flush_matches@LIBSYSTEMD_209 0
+ sd_journal_get_catalog@LIBSYSTEMD_209 0
+ sd_journal_get_catalog_for_message_id@LIBSYSTEMD_209 0
+ sd_journal_get_cursor@LIBSYSTEMD_209 0
+ sd_journal_get_cutoff_monotonic_usec@LIBSYSTEMD_209 0
+ sd_journal_get_cutoff_realtime_usec@LIBSYSTEMD_209 0
+ sd_journal_get_data@LIBSYSTEMD_209 0
+ sd_journal_get_data_threshold@LIBSYSTEMD_209 0
+ sd_journal_get_events@LIBSYSTEMD_209 0
+ sd_journal_get_fd@LIBSYSTEMD_209 0
+ sd_journal_get_monotonic_usec@LIBSYSTEMD_209 0
+ sd_journal_get_realtime_usec@LIBSYSTEMD_209 0
+ sd_journal_get_timeout@LIBSYSTEMD_209 0
+ sd_journal_get_usage@LIBSYSTEMD_209 0
+ sd_journal_has_persistent_files@LIBSYSTEMD_229 229
+ sd_journal_has_runtime_files@LIBSYSTEMD_229 229
+ sd_journal_next@LIBSYSTEMD_209 0
+ sd_journal_next_skip@LIBSYSTEMD_209 0
+ sd_journal_open@LIBSYSTEMD_209 0
+ sd_journal_open_container@LIBSYSTEMD_209 0
+ sd_journal_open_directory@LIBSYSTEMD_209 0
+ sd_journal_open_directory_fd@LIBSYSTEMD_230 230
+ sd_journal_open_files@LIBSYSTEMD_209 0
+ sd_journal_open_files_fd@LIBSYSTEMD_230 230
+ sd_journal_perror@LIBSYSTEMD_209 0
+ sd_journal_perror_with_location@LIBSYSTEMD_209 0
+ sd_journal_previous@LIBSYSTEMD_209 0
+ sd_journal_previous_skip@LIBSYSTEMD_209 0
+ sd_journal_print@LIBSYSTEMD_209 0
+ sd_journal_print_with_location@LIBSYSTEMD_209 0
+ sd_journal_printv@LIBSYSTEMD_209 0
+ sd_journal_printv_with_location@LIBSYSTEMD_209 0
+ sd_journal_process@LIBSYSTEMD_209 0
+ sd_journal_query_unique@LIBSYSTEMD_209 0
+ sd_journal_reliable_fd@LIBSYSTEMD_209 0
+ sd_journal_restart_data@LIBSYSTEMD_209 0
+ sd_journal_restart_fields@LIBSYSTEMD_229 229
+ sd_journal_restart_unique@LIBSYSTEMD_209 0
+ sd_journal_seek_cursor@LIBSYSTEMD_209 0
+ sd_journal_seek_head@LIBSYSTEMD_209 0
+ sd_journal_seek_monotonic_usec@LIBSYSTEMD_209 0
+ sd_journal_seek_realtime_usec@LIBSYSTEMD_209 0
+ sd_journal_seek_tail@LIBSYSTEMD_209 0
+ sd_journal_send@LIBSYSTEMD_209 0
+ sd_journal_send_with_location@LIBSYSTEMD_209 0
+ sd_journal_sendv@LIBSYSTEMD_209 0
+ sd_journal_sendv_with_location@LIBSYSTEMD_209 0
+ sd_journal_set_data_threshold@LIBSYSTEMD_209 0
+ sd_journal_stream_fd@LIBSYSTEMD_209 0
+ sd_journal_test_cursor@LIBSYSTEMD_209 0
+ sd_journal_wait@LIBSYSTEMD_209 0
+ sd_listen_fds@LIBSYSTEMD_209 0
+ sd_listen_fds_with_names@LIBSYSTEMD_227 227
+ sd_login_monitor_flush@LIBSYSTEMD_209 0
+ sd_login_monitor_get_events@LIBSYSTEMD_209 0
+ sd_login_monitor_get_fd@LIBSYSTEMD_209 0
+ sd_login_monitor_get_timeout@LIBSYSTEMD_209 0
+ sd_login_monitor_new@LIBSYSTEMD_209 0
+ sd_login_monitor_unref@LIBSYSTEMD_209 0
+ sd_machine_get_class@LIBSYSTEMD_211 211
+ sd_machine_get_ifindices@LIBSYSTEMD_216 217
+ sd_notify@LIBSYSTEMD_209 0
+ sd_notifyf@LIBSYSTEMD_209 0
+ sd_peer_get_cgroup@LIBSYSTEMD_226 226
+ sd_peer_get_machine_name@LIBSYSTEMD_211 211
+ sd_peer_get_owner_uid@LIBSYSTEMD_211 211
+ sd_peer_get_session@LIBSYSTEMD_211 211
+ sd_peer_get_slice@LIBSYSTEMD_211 211
+ sd_peer_get_unit@LIBSYSTEMD_211 211
+ sd_peer_get_user_slice@LIBSYSTEMD_220 220
+ sd_peer_get_user_unit@LIBSYSTEMD_211 211
+ sd_pid_get_cgroup@LIBSYSTEMD_226 226
+ sd_pid_get_machine_name@LIBSYSTEMD_209 0
+ sd_pid_get_owner_uid@LIBSYSTEMD_209 0
+ sd_pid_get_session@LIBSYSTEMD_209 0
+ sd_pid_get_slice@LIBSYSTEMD_209 0
+ sd_pid_get_unit@LIBSYSTEMD_209 0
+ sd_pid_get_user_slice@LIBSYSTEMD_220 220
+ sd_pid_get_user_unit@LIBSYSTEMD_209 0
+ sd_pid_notify@LIBSYSTEMD_214 214
+ sd_pid_notify_with_fds@LIBSYSTEMD_219 219
+ sd_pid_notifyf@LIBSYSTEMD_214 214
+ sd_seat_can_graphical@LIBSYSTEMD_209 0
+ sd_seat_can_multi_session@LIBSYSTEMD_209 0
+ sd_seat_can_tty@LIBSYSTEMD_209 0
+ sd_seat_get_active@LIBSYSTEMD_209 0
+ sd_seat_get_sessions@LIBSYSTEMD_209 0
+ sd_session_get_class@LIBSYSTEMD_209 0
+ sd_session_get_desktop@LIBSYSTEMD_217 217
+ sd_session_get_display@LIBSYSTEMD_209 0
+ sd_session_get_remote_host@LIBSYSTEMD_209 0
+ sd_session_get_remote_user@LIBSYSTEMD_209 0
+ sd_session_get_seat@LIBSYSTEMD_209 0
+ sd_session_get_service@LIBSYSTEMD_209 0
+ sd_session_get_state@LIBSYSTEMD_209 0
+ sd_session_get_tty@LIBSYSTEMD_209 0
+ sd_session_get_type@LIBSYSTEMD_209 0
+ sd_session_get_uid@LIBSYSTEMD_209 0
+ sd_session_get_vt@LIBSYSTEMD_209 0
+ sd_session_is_active@LIBSYSTEMD_209 0
+ sd_session_is_remote@LIBSYSTEMD_209 0
+ sd_uid_get_display@LIBSYSTEMD_213 213
+ sd_uid_get_seats@LIBSYSTEMD_209 0
+ sd_uid_get_sessions@LIBSYSTEMD_209 0
+ sd_uid_get_state@LIBSYSTEMD_209 0
+ sd_uid_is_on_seat@LIBSYSTEMD_209 0
+ sd_watchdog_enabled@LIBSYSTEMD_209 0
diff --git a/debian/libudev-dev.install b/debian/libudev-dev.install
new file mode 100644
index 0000000000000000000000000000000000000000..4ce781e60bab8750bfd4f15a635fa0970066da1c
--- /dev/null
+++ b/debian/libudev-dev.install
@@ -0,0 +1,5 @@
+lib/*/libudev.so
+usr/include/libudev.h
+usr/lib/*/pkgconfig/libudev.pc
+usr/share/man/man3/udev*
+usr/share/man/man3/libudev*
diff --git a/debian/libudev-dev.maintscript b/debian/libudev-dev.maintscript
new file mode 100644
index 0000000000000000000000000000000000000000..b2a4042ca26c3d153d175789b8de8aefdf607bb2
--- /dev/null
+++ b/debian/libudev-dev.maintscript
@@ -0,0 +1 @@
+symlink_to_dir /usr/share/doc/libudev-dev libudev1 221-2~
diff --git a/debian/libudev1-udeb.install b/debian/libudev1-udeb.install
new file mode 100644
index 0000000000000000000000000000000000000000..cead438b8af61c09ee4ae1f79c7560df424ab5ee
--- /dev/null
+++ b/debian/libudev1-udeb.install
@@ -0,0 +1 @@
+lib/*/libudev.so.*
diff --git a/debian/libudev1.install b/debian/libudev1.install
new file mode 100644
index 0000000000000000000000000000000000000000..cead438b8af61c09ee4ae1f79c7560df424ab5ee
--- /dev/null
+++ b/debian/libudev1.install
@@ -0,0 +1 @@
+lib/*/libudev.so.*
diff --git a/debian/libudev1.symbols b/debian/libudev1.symbols
new file mode 100644
index 0000000000000000000000000000000000000000..b197893519793298e4513fa9dae55c063d453989
--- /dev/null
+++ b/debian/libudev1.symbols
@@ -0,0 +1,97 @@
+libudev.so.1 libudev1 #MINVER#
+* Build-Depends-Package: libudev-dev
+ LIBUDEV_183@LIBUDEV_183 183
+ LIBUDEV_189@LIBUDEV_189 189
+ LIBUDEV_196@LIBUDEV_196 196
+ LIBUDEV_199@LIBUDEV_199 199
+ LIBUDEV_215@LIBUDEV_215 215
+ udev_device_get_action@LIBUDEV_183 183
+ udev_device_get_devlinks_list_entry@LIBUDEV_183 183
+ udev_device_get_devnode@LIBUDEV_183 183
+ udev_device_get_devnum@LIBUDEV_183 183
+ udev_device_get_devpath@LIBUDEV_183 183
+ udev_device_get_devtype@LIBUDEV_183 183
+ udev_device_get_driver@LIBUDEV_183 183
+ udev_device_get_is_initialized@LIBUDEV_183 183
+ udev_device_get_parent@LIBUDEV_183 183
+ udev_device_get_parent_with_subsystem_devtype@LIBUDEV_183 183
+ udev_device_get_properties_list_entry@LIBUDEV_183 183
+ udev_device_get_property_value@LIBUDEV_183 183
+ udev_device_get_seqnum@LIBUDEV_183 183
+ udev_device_get_subsystem@LIBUDEV_183 183
+ udev_device_get_sysattr_list_entry@LIBUDEV_183 183
+ udev_device_get_sysattr_value@LIBUDEV_183 183
+ udev_device_get_sysname@LIBUDEV_183 183
+ udev_device_get_sysnum@LIBUDEV_183 183
+ udev_device_get_syspath@LIBUDEV_183 183
+ udev_device_get_tags_list_entry@LIBUDEV_183 183
+ udev_device_get_udev@LIBUDEV_183 183
+ udev_device_get_usec_since_initialized@LIBUDEV_183 183
+ udev_device_has_tag@LIBUDEV_183 183
+ udev_device_new_from_device_id@LIBUDEV_189 189
+ udev_device_new_from_devnum@LIBUDEV_183 183
+ udev_device_new_from_environment@LIBUDEV_183 183
+ udev_device_new_from_subsystem_sysname@LIBUDEV_183 183
+ udev_device_new_from_syspath@LIBUDEV_183 183
+ udev_device_ref@LIBUDEV_183 183
+ udev_device_set_sysattr_value@LIBUDEV_199 199
+ udev_device_unref@LIBUDEV_183 183
+ udev_enumerate_add_match_is_initialized@LIBUDEV_183 183
+ udev_enumerate_add_match_parent@LIBUDEV_183 183
+ udev_enumerate_add_match_property@LIBUDEV_183 183
+ udev_enumerate_add_match_subsystem@LIBUDEV_183 183
+ udev_enumerate_add_match_sysattr@LIBUDEV_183 183
+ udev_enumerate_add_match_sysname@LIBUDEV_183 183
+ udev_enumerate_add_match_tag@LIBUDEV_183 183
+ udev_enumerate_add_nomatch_subsystem@LIBUDEV_183 183
+ udev_enumerate_add_nomatch_sysattr@LIBUDEV_183 183
+ udev_enumerate_add_syspath@LIBUDEV_183 183
+ udev_enumerate_get_list_entry@LIBUDEV_183 183
+ udev_enumerate_get_udev@LIBUDEV_183 183
+ udev_enumerate_new@LIBUDEV_183 183
+ udev_enumerate_ref@LIBUDEV_183 183
+ udev_enumerate_scan_devices@LIBUDEV_183 183
+ udev_enumerate_scan_subsystems@LIBUDEV_183 183
+ udev_enumerate_unref@LIBUDEV_183 183
+ udev_get_log_priority@LIBUDEV_183 183
+ udev_get_userdata@LIBUDEV_183 183
+ udev_hwdb_get_properties_list_entry@LIBUDEV_196 196
+ udev_hwdb_new@LIBUDEV_196 196
+ udev_hwdb_ref@LIBUDEV_196 196
+ udev_hwdb_unref@LIBUDEV_196 196
+ udev_list_entry_get_by_name@LIBUDEV_183 183
+ udev_list_entry_get_name@LIBUDEV_183 183
+ udev_list_entry_get_next@LIBUDEV_183 183
+ udev_list_entry_get_value@LIBUDEV_183 183
+ udev_monitor_enable_receiving@LIBUDEV_183 183
+ udev_monitor_filter_add_match_subsystem_devtype@LIBUDEV_183 183
+ udev_monitor_filter_add_match_tag@LIBUDEV_183 183
+ udev_monitor_filter_remove@LIBUDEV_183 183
+ udev_monitor_filter_update@LIBUDEV_183 183
+ udev_monitor_get_fd@LIBUDEV_183 183
+ udev_monitor_get_udev@LIBUDEV_183 183
+ udev_monitor_new_from_netlink@LIBUDEV_183 183
+ udev_monitor_receive_device@LIBUDEV_183 183
+ udev_monitor_ref@LIBUDEV_183 183
+ udev_monitor_set_receive_buffer_size@LIBUDEV_183 183
+ udev_monitor_unref@LIBUDEV_183 183
+ udev_new@LIBUDEV_183 183
+ udev_queue_flush@LIBUDEV_215 215
+ udev_queue_get_fd@LIBUDEV_215 215
+ udev_queue_get_kernel_seqnum@LIBUDEV_183 183
+ udev_queue_get_queue_is_empty@LIBUDEV_183 183
+ udev_queue_get_queued_list_entry@LIBUDEV_183 183
+ udev_queue_get_seqnum_is_finished@LIBUDEV_183 183
+ udev_queue_get_seqnum_sequence_is_finished@LIBUDEV_183 183
+ udev_queue_get_udev@LIBUDEV_183 183
+ udev_queue_get_udev_is_active@LIBUDEV_183 183
+ udev_queue_get_udev_seqnum@LIBUDEV_183 183
+ udev_queue_new@LIBUDEV_183 183
+ udev_queue_ref@LIBUDEV_183 183
+ udev_queue_unref@LIBUDEV_183 183
+ udev_ref@LIBUDEV_183 183
+ udev_set_log_fn@LIBUDEV_183 183
+ udev_set_log_priority@LIBUDEV_183 183
+ udev_set_userdata@LIBUDEV_183 183
+ udev_unref@LIBUDEV_183 183
+ udev_util_encode_string@LIBUDEV_183 183
diff --git a/debian/patches/Do-not-start-server-if-it-is-already-runnning-11245.patch b/debian/patches/Do-not-start-server-if-it-is-already-runnning-11245.patch
new file mode 100644
index 0000000000000000000000000000000000000000..fbcba778e5d4d306508f6491046ac99a11bd2bec
--- /dev/null
+++ b/debian/patches/Do-not-start-server-if-it-is-already-runnning-11245.patch
@@ -0,0 +1,37 @@
+From: rogerjames99 <roger@beardandsandals.co.uk>
+Date: Fri, 28 Dec 2018 06:34:43 +0000
+Subject: Do not start server if it is already runnning (#11245)
+
+(cherry picked from commit 7da7340afdd4760fb2dd9d000105c324a77aff4b)
+---
+ src/network/networkd-link.c | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index e2851df..cadf7f8 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -1207,15 +1207,16 @@ static int link_request_set_addresses(Link *link) {
+ return r;
+ }
+ }
++ if (!sd_dhcp_server_is_running(link->dhcp_server)) {
++ r = sd_dhcp_server_start(link->dhcp_server);
++ if (r < 0) {
++ log_link_warning_errno(link, r, "Could not start DHCPv4 server instance: %m");
+
+- r = sd_dhcp_server_start(link->dhcp_server);
+- if (r < 0) {
+- log_link_warning_errno(link, r, "Could not start DHCPv4 server instance: %m");
+-
+- link_enter_failed(link);
++ link_enter_failed(link);
+
+- return 0;
+- }
++ return 0;
++ }
++ }
+
+ log_link_debug(link, "Offering DHCPv4 leases");
+ }
diff --git a/debian/patches/Docs-Add-Missing-Space-Between-Words.patch b/debian/patches/Docs-Add-Missing-Space-Between-Words.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5e69b6478ab844a6ab7c0692e674b70ffde2af9b
--- /dev/null
+++ b/debian/patches/Docs-Add-Missing-Space-Between-Words.patch
@@ -0,0 +1,23 @@
+From: Alex Mayer <amayer5125@gmail.com>
+Date: Wed, 2 Jan 2019 12:53:47 -0500
+Subject: Docs: Add Missing Space Between Words
+
+(cherry picked from commit 8d7fac92f07cc662e51dcda7c9f3a322454895c7)
+(cherry picked from commit e60c80a908a2c8c6036e41d083134c9e095aa268)
+---
+ man/systemd.exec.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
+index 6419bee..46aa473 100644
+--- a/man/systemd.exec.xml
++++ b/man/systemd.exec.xml
+@@ -1810,7 +1810,7 @@ SystemCallErrorNumber=EPERM</programlisting>
+ <option>syslog</option>, <option>kmsg</option>, <option>journal+console</option>,
+ <option>syslog+console</option>, <option>kmsg+console</option>,
+ <option>file:<replaceable>path</replaceable></option>, <option>append:<replaceable>path</replaceable></option>,
+- <option>socket</option> or<option>fd:<replaceable>name</replaceable></option>.</para>
++ <option>socket</option> or <option>fd:<replaceable>name</replaceable></option>.</para>
+
+ <para><option>inherit</option> duplicates the file descriptor of standard input for standard output.</para>
+
diff --git a/debian/patches/Pass-separate-dev_t-var-to-device_path_parse_major_minor.patch b/debian/patches/Pass-separate-dev_t-var-to-device_path_parse_major_minor.patch
new file mode 100644
index 0000000000000000000000000000000000000000..0b2adadc657a73289944fc5d90a85571adc696f0
--- /dev/null
+++ b/debian/patches/Pass-separate-dev_t-var-to-device_path_parse_major_minor.patch
@@ -0,0 +1,114 @@
+From: YunQiang Su <syq@debian.org>
+Date: Tue, 25 Dec 2018 19:01:17 +0800
+Subject: Pass separate dev_t var to device_path_parse_major_minor
+
+MIPS/O32's st_rdev member of struct stat is unsigned long, which
+is 32bit, while dev_t is defined as 64bit, which make some problems
+in device_path_parse_major_minor.
+
+Don't pass st.st_rdev, st_mode to device_path_parse_major_minor,
+while pass 2 seperate variables. The result of stat is alos copied
+out into these 2 variables. Fixes: #11247
+
+(cherry picked from commit f5855697aa19fb92637e72ab02e4623abe77f288)
+(cherry picked from commit a0d4edf0e7fe6674c44258a73e0722494d659976)
+---
+ src/core/cgroup.c | 35 ++++++++++++++++++++++-------------
+ 1 file changed, 22 insertions(+), 13 deletions(-)
+
+diff --git a/src/core/cgroup.c b/src/core/cgroup.c
+index a7ce3fc..52324f8 100644
+--- a/src/core/cgroup.c
++++ b/src/core/cgroup.c
+@@ -396,26 +396,31 @@ static void cgroup_xattr_apply(Unit *u) {
+ }
+
+ static int lookup_block_device(const char *p, dev_t *ret) {
+- struct stat st = {};
++ dev_t rdev, dev = 0;
++ mode_t mode;
+ int r;
+
+ assert(p);
+ assert(ret);
+
+- r = device_path_parse_major_minor(p, &st.st_mode, &st.st_rdev);
++ r = device_path_parse_major_minor(p, &mode, &rdev);
+ if (r == -ENODEV) { /* not a parsable device node, need to go to disk */
++ struct stat st;
+ if (stat(p, &st) < 0)
+ return log_warning_errno(errno, "Couldn't stat device '%s': %m", p);
++ rdev = (dev_t)st.st_rdev;
++ dev = (dev_t)st.st_dev;
++ mode = st.st_mode;
+ } else if (r < 0)
+ return log_warning_errno(r, "Failed to parse major/minor from path '%s': %m", p);
+
+- if (S_ISCHR(st.st_mode)) {
++ if (S_ISCHR(mode)) {
+ log_warning("Device node '%s' is a character device, but block device needed.", p);
+ return -ENOTBLK;
+- } else if (S_ISBLK(st.st_mode))
+- *ret = st.st_rdev;
+- else if (major(st.st_dev) != 0)
+- *ret = st.st_dev; /* If this is not a device node then use the block device this file is stored on */
++ } else if (S_ISBLK(mode))
++ *ret = rdev;
++ else if (major(dev) != 0)
++ *ret = dev; /* If this is not a device node then use the block device this file is stored on */
+ else {
+ /* If this is btrfs, getting the backing block device is a bit harder */
+ r = btrfs_get_block_device(p, ret);
+@@ -436,7 +441,8 @@ static int lookup_block_device(const char *p, dev_t *ret) {
+ }
+
+ static int whitelist_device(BPFProgram *prog, const char *path, const char *node, const char *acc) {
+- struct stat st = {};
++ dev_t rdev;
++ mode_t mode;
+ int r;
+
+ assert(path);
+@@ -445,11 +451,12 @@ static int whitelist_device(BPFProgram *prog, const char *path, const char *node
+ /* Some special handling for /dev/block/%u:%u, /dev/char/%u:%u, /run/systemd/inaccessible/chr and
+ * /run/systemd/inaccessible/blk paths. Instead of stat()ing these we parse out the major/minor directly. This
+ * means clients can use these path without the device node actually around */
+- r = device_path_parse_major_minor(node, &st.st_mode, &st.st_rdev);
++ r = device_path_parse_major_minor(node, &mode, &rdev);
+ if (r < 0) {
+ if (r != -ENODEV)
+ return log_warning_errno(r, "Couldn't parse major/minor from device path '%s': %m", node);
+
++ struct stat st;
+ if (stat(node, &st) < 0)
+ return log_warning_errno(errno, "Couldn't stat device %s: %m", node);
+
+@@ -457,22 +464,24 @@ static int whitelist_device(BPFProgram *prog, const char *path, const char *node
+ log_warning("%s is not a device.", node);
+ return -ENODEV;
+ }
++ rdev = (dev_t) st.st_rdev;
++ mode = st.st_mode;
+ }
+
+ if (cg_all_unified() > 0) {
+ if (!prog)
+ return 0;
+
+- return cgroup_bpf_whitelist_device(prog, S_ISCHR(st.st_mode) ? BPF_DEVCG_DEV_CHAR : BPF_DEVCG_DEV_BLOCK,
+- major(st.st_rdev), minor(st.st_rdev), acc);
++ return cgroup_bpf_whitelist_device(prog, S_ISCHR(mode) ? BPF_DEVCG_DEV_CHAR : BPF_DEVCG_DEV_BLOCK,
++ major(rdev), minor(rdev), acc);
+
+ } else {
+ char buf[2+DECIMAL_STR_MAX(dev_t)*2+2+4];
+
+ sprintf(buf,
+ "%c %u:%u %s",
+- S_ISCHR(st.st_mode) ? 'c' : 'b',
+- major(st.st_rdev), minor(st.st_rdev),
++ S_ISCHR(mode) ? 'c' : 'b',
++ major(rdev), minor(rdev),
+ acc);
+
+ /* Changing the devices list of a populated cgroup might result in EINVAL, hence ignore EINVAL here. */
diff --git a/debian/patches/Revert-Always-rename-an-interface-to-its-name-specified-i.patch b/debian/patches/Revert-Always-rename-an-interface-to-its-name-specified-i.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2540378d158624968fce83277f2ff879a1c62087
--- /dev/null
+++ b/debian/patches/Revert-Always-rename-an-interface-to-its-name-specified-i.patch
@@ -0,0 +1,61 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 16 Jan 2019 13:28:41 +0100
+Subject: Revert "Always rename an interface to its name specified in config
+ if no NamePolicy= is specified"
+
+This reverts commit 55b6530baacf4658a183b15b010a8cf3483fde08.
+
+This commit description says "Always rename an interface to its name specified
+in config if no NamePolicy= is specified", but it does much more:
+1. It completely changes the meaning of NamePolicy=kernel. Before, it meant that an interface
+ with type==NAMEPOLICY_KERNEL would not be renamed. After, the kernel name only works as
+ a fallback, if no policy matches.
+2. The "if no NamePolicy= is specified" part is not true at all, the interface will be renamed
+ according to the specified NamePolicy=.
+
+After 55b6530baacf, the should_rename() function is named very misleadingly: it is only used
+to mean "respect kernel predictable name if no naming policy matches".
+
+Let's revert, and start with a clean slate. This fixes #11436.
+
+(cherry picked from commit ed30802324365dde6c05d0b7c3ce1a0eff3bf571)
+---
+ src/udev/net/link-config.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c
+index ac66ffd..07d8b92 100644
+--- a/src/udev/net/link-config.c
++++ b/src/udev/net/link-config.c
+@@ -312,11 +312,16 @@ static bool should_rename(sd_device *device, bool respect_predictable) {
+ return true;
+
+ switch (type) {
++ case NET_NAME_USER:
++ case NET_NAME_RENAMED:
++ /* these were already named by userspace, do not touch again */
++ return false;
+ case NET_NAME_PREDICTABLE:
+ /* the kernel claims to have given a predictable name */
+ if (respect_predictable)
+ return false;
+ _fallthrough_;
++ case NET_NAME_ENUM:
+ default:
+ /* the name is known to be bad, or of an unknown type */
+ return true;
+@@ -437,8 +442,12 @@ int link_config_apply(link_config_ctx *ctx, link_config *config,
+ }
+ }
+
+- if (!new_name && should_rename(device, respect_predictable))
+- new_name = config->name;
++ if (should_rename(device, respect_predictable)) {
++ /* if not set by policy, fall back manually set name */
++ if (!new_name)
++ new_name = config->name;
++ } else
++ new_name = NULL;
+
+ switch (config->mac_policy) {
+ case MACPOLICY_PERSISTENT:
diff --git a/debian/patches/Revert-logind-become-the-controlling-terminal-process-bef.patch b/debian/patches/Revert-logind-become-the-controlling-terminal-process-bef.patch
new file mode 100644
index 0000000000000000000000000000000000000000..8a8d838ce9d735983012c875e4a7699e1d4a51ba
--- /dev/null
+++ b/debian/patches/Revert-logind-become-the-controlling-terminal-process-bef.patch
@@ -0,0 +1,91 @@
+From: Franck Bui <fbui@suse.com>
+Date: Thu, 10 Jan 2019 12:17:51 +0100
+Subject: Revert "logind: become the controlling terminal process before
+ restoring VT"
+
+This reverts commit ad96887a1205bad9656d280c5681f482e6d04838.
+
+Commit adb8688 alone should be enough to fix issue #9754.
+
+Fixes #11269
+
+(cherry picked from commit c0f34168d4c5691fccb62e81d6d49dd2f730a17b)
+(cherry picked from commit f02b5472c6f0c41e5dc8dc2c84590866baf937ff)
+---
+ src/login/logind-session.c | 58 ++++++++++++----------------------------------
+ 1 file changed, 15 insertions(+), 43 deletions(-)
+
+diff --git a/src/login/logind-session.c b/src/login/logind-session.c
+index 4b4dd4c..90a9108 100644
+--- a/src/login/logind-session.c
++++ b/src/login/logind-session.c
+@@ -1227,54 +1227,26 @@ error:
+ }
+
+ static void session_restore_vt(Session *s) {
+- pid_t pid;
+- int r;
+-
+- if (s->vtnr < 1)
+- return;
++ int r, vt, old_fd;
+
+- if (s->vtfd < 0)
+- return;
+-
+- /* The virtual terminal can potentially be entering in hung-up state at any time
+- * depending on when the controlling process exits.
+- *
+- * If the controlling process exits while we're restoring the virtual terminal,
+- * the VT will enter in hung-up state and we'll fail at restoring it. To prevent
+- * this case, we kick off the current controlling process (if any) in a child
+- * process so logind doesn't play around with tty ownership.
+- *
+- * If the controlling process already exited, getting a fresh handle to the
+- * virtual terminal reset the hung-up state. */
+- r = safe_fork("(logind)", FORK_REOPEN_LOG|FORK_CLOSE_ALL_FDS|FORK_RESET_SIGNALS|FORK_WAIT|FORK_LOG, &pid);
+- if (r == 0) {
+- char path[sizeof("/dev/tty") + DECIMAL_STR_MAX(s->vtnr)];
+- int vt;
+-
+- /* We must be a session leader in order to become the controlling process. */
+- pid = setsid();
+- if (pid < 0) {
+- log_error_errno(errno, "Failed to become session leader: %m");
+- _exit(EXIT_FAILURE);
+- }
++ /* We need to get a fresh handle to the virtual terminal,
++ * since the old file-descriptor is potentially in a hung-up
++ * state after the controlling process exited; we do a
++ * little dance to avoid having the terminal be available
++ * for reuse before we've cleaned it up.
++ */
++ old_fd = TAKE_FD(s->vtfd);
+
+- sprintf(path, "/dev/tty%u", s->vtnr);
+- vt = acquire_terminal(path, ACQUIRE_TERMINAL_FORCE, USEC_INFINITY);
+- if (vt < 0) {
+- log_error_errno(vt, "Cannot acquire VT %s of session %s: %m", path, s->id);
+- _exit(EXIT_FAILURE);
+- }
++ vt = session_open_vt(s);
++ safe_close(old_fd);
+
+- r = vt_restore(vt);
+- if (r < 0)
+- log_warning_errno(r, "Failed to restore VT, ignoring: %m");
++ if (vt < 0)
++ return;
+
+- /* Give up and release the controlling terminal. */
+- safe_close(vt);
+- _exit(EXIT_SUCCESS);
+- }
++ r = vt_restore(vt);
++ if (r < 0)
++ log_warning_errno(r, "Failed to restore VT, ignoring: %m");
+
+- /* Close the fd in any cases. */
+ s->vtfd = safe_close(s->vtfd);
+ }
+
diff --git a/debian/patches/Revert-pam_systemd-drop-setting-DBUS_SESSION_BUS_ADDRESS.patch b/debian/patches/Revert-pam_systemd-drop-setting-DBUS_SESSION_BUS_ADDRESS.patch
new file mode 100644
index 0000000000000000000000000000000000000000..cbffd70f8db438725f2a68bdc74af431c8f5f984
--- /dev/null
+++ b/debian/patches/Revert-pam_systemd-drop-setting-DBUS_SESSION_BUS_ADDRESS.patch
@@ -0,0 +1,100 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 4 Jan 2019 11:19:10 +0100
+Subject: Revert "pam_systemd: drop setting DBUS_SESSION_BUS_ADDRESS"
+
+This reverts commit 2b2b7228bffef626fe8e9f131095995f3d50ee3b.
+
+Fixes #11293.
+
+Removing the environment variable causes problems, e.g. Xfce and Chromium and
+... don't communicate with the running dbus instance. If they attempt to start their
+own instance, things become even more confusing. Those packages could be fixed
+one by one, but removing the variable right now is causing too many problems.
+
+(cherry picked from commit 00efd4988b8e4a147f96337de32e54925640f0b7)
+(cherry picked from commit 6c44e6c681e55f8291078b51c72cbfd81cc21a94)
+---
+ README | 2 +-
+ src/login/pam_systemd.c | 42 ++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 43 insertions(+), 1 deletion(-)
+
+diff --git a/README b/README
+index 4439be1..baabf69 100644
+--- a/README
++++ b/README
+@@ -170,7 +170,7 @@ REQUIREMENTS:
+ dependencies:
+
+ util-linux >= v2.27.1 required
+- dbus >= 1.9.14 (strictly speaking optional, but recommended)
++ dbus >= 1.4.0 (strictly speaking optional, but recommended)
+ NOTE: If using dbus < 1.9.18, you should override the default
+ policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d).
+ dracut (optional)
+diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
+index c7d9dcf..cdec102 100644
+--- a/src/login/pam_systemd.c
++++ b/src/login/pam_systemd.c
+@@ -190,6 +190,40 @@ static int get_seat_from_display(const char *display, const char **seat, uint32_
+ return 0;
+ }
+
++static int export_legacy_dbus_address(
++ pam_handle_t *handle,
++ uid_t uid,
++ const char *runtime) {
++
++ _cleanup_free_ char *s = NULL;
++ int r = PAM_BUF_ERR;
++
++ /* FIXME: We *really* should move the access() check into the
++ * daemons that spawn dbus-daemon, instead of forcing
++ * DBUS_SESSION_BUS_ADDRESS= here. */
++
++ s = strjoin(runtime, "/bus");
++ if (!s)
++ goto error;
++
++ if (access(s, F_OK) < 0)
++ return PAM_SUCCESS;
++
++ s = mfree(s);
++ if (asprintf(&s, DEFAULT_USER_BUS_ADDRESS_FMT, runtime) < 0)
++ goto error;
++
++ r = pam_misc_setenv(handle, "DBUS_SESSION_BUS_ADDRESS", s, 0);
++ if (r != PAM_SUCCESS)
++ goto error;
++
++ return PAM_SUCCESS;
++
++error:
++ pam_syslog(handle, LOG_ERR, "Failed to set bus variable.");
++ return r;
++}
++
+ static int append_session_memory_max(pam_handle_t *handle, sd_bus_message *m, const char *limit) {
+ uint64_t val;
+ int r;
+@@ -405,6 +439,10 @@ _public_ PAM_EXTERN int pam_sm_open_session(
+ }
+ }
+
++ r = export_legacy_dbus_address(handle, pw->pw_uid, rt);
++ if (r != PAM_SUCCESS)
++ return r;
++
+ return PAM_SUCCESS;
+ }
+
+@@ -613,6 +651,10 @@ _public_ PAM_EXTERN int pam_sm_open_session(
+ if (r != PAM_SUCCESS)
+ return r;
+ }
++
++ r = export_legacy_dbus_address(handle, pw->pw_uid, runtime_path);
++ if (r != PAM_SUCCESS)
++ return r;
+ }
+
+ /* Most likely we got the session/type/class from environment variables, but might have gotten the data
diff --git a/debian/patches/Revert-sd-device-ignore-bind-unbind-events-for-now.patch b/debian/patches/Revert-sd-device-ignore-bind-unbind-events-for-now.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1a76e85ff8a9858d40bd601f049600e8d9259cd5
--- /dev/null
+++ b/debian/patches/Revert-sd-device-ignore-bind-unbind-events-for-now.patch
@@ -0,0 +1,34 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Wed, 2 Jan 2019 04:00:14 +0900
+Subject: Revert "sd-device: ignore bind/unbind events for now"
+
+This reverts commit 56c886dc7ed5b2bb0882ba85136f4070545bfc1b.
+
+Fixes #11277 and #11299.
+
+(cherry picked from commit b261494128e60dd3168e0ea961606ec4f39c5739)
+(cherry picked from commit ff2145bfe5aac524c5870a295293b8e3cc74e27a)
+---
+ src/libsystemd/sd-device/device-private.c | 9 ---------
+ 1 file changed, 9 deletions(-)
+
+diff --git a/src/libsystemd/sd-device/device-private.c b/src/libsystemd/sd-device/device-private.c
+index 01a5aa3..36beb3e 100644
+--- a/src/libsystemd/sd-device/device-private.c
++++ b/src/libsystemd/sd-device/device-private.c
+@@ -326,15 +326,6 @@ static int device_append(sd_device *device, char *key, const char **_major, cons
+ action = device_action_from_string(value);
+ if (action == _DEVICE_ACTION_INVALID)
+ return -EINVAL;
+- /* FIXME: remove once we no longer flush previuos state for each action */
+- if (action == DEVICE_ACTION_BIND || action == DEVICE_ACTION_UNBIND) {
+- static bool warned;
+- if (!warned) {
+- log_device_debug(device, "sd-device: ignoring actions 'bind' and 'unbind'");
+- warned = true;
+- }
+- return -EINVAL;
+- }
+ } else if (streq(key, "SEQNUM")) {
+ r = safe_atou64(value, &seqnum);
+ if (r < 0)
diff --git a/debian/patches/Revert-udevd-configure-a-child-process-name-for-worker-pr.patch b/debian/patches/Revert-udevd-configure-a-child-process-name-for-worker-pr.patch
new file mode 100644
index 0000000000000000000000000000000000000000..540d4c4658b411d65d34d795062b88af07cf1f58
--- /dev/null
+++ b/debian/patches/Revert-udevd-configure-a-child-process-name-for-worker-pr.patch
@@ -0,0 +1,25 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sat, 22 Dec 2018 19:49:47 +0900
+Subject: Revert "udevd: configure a child process name for worker processes"
+
+This reverts commit 49f3ee7e74c714f55aab395c080b1099fc17f7fd.
+
+(cherry picked from commit ff86c92e3043f71fc801cf687600a480ee8f6778)
+(cherry picked from commit 77421020c9ab36c1e701901d7e72747ca98d3133)
+---
+ src/udev/udevd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/udev/udevd.c b/src/udev/udevd.c
+index fb8724e..ec77bd4 100644
+--- a/src/udev/udevd.c
++++ b/src/udev/udevd.c
+@@ -534,7 +534,7 @@ static int worker_spawn(Manager *manager, struct event *event) {
+ if (r < 0)
+ return log_error_errno(r, "Worker: Failed to enable receiving of device: %m");
+
+- r = safe_fork("(worker)", FORK_DEATHSIG, &pid);
++ r = safe_fork(NULL, FORK_DEATHSIG, &pid);
+ if (r < 0) {
+ event->state = EVENT_QUEUED;
+ return log_error_errno(r, "Failed to fork() worker: %m");
diff --git a/debian/patches/ask-password-api-do-not-call-ask_password_keyring-if-keyn.patch b/debian/patches/ask-password-api-do-not-call-ask_password_keyring-if-keyn.patch
new file mode 100644
index 0000000000000000000000000000000000000000..22b2f42b3070c2bd2575faa0298821bac958342d
--- /dev/null
+++ b/debian/patches/ask-password-api-do-not-call-ask_password_keyring-if-keyn.patch
@@ -0,0 +1,26 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 30 Dec 2018 21:13:43 +0900
+Subject: ask-password-api: do not call ask_password_keyring() if keyname ==
+ NULL
+
+Fixes #11295.
+
+(cherry picked from commit 1f00998c8739ac6adc2b7623cc1e5a8f67d95d7d)
+(cherry picked from commit 095a38313daf043413c863634378c8ea7e5f6a09)
+---
+ src/shared/ask-password-api.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
+index 246e27a..6a51c2e 100644
+--- a/src/shared/ask-password-api.c
++++ b/src/shared/ask-password-api.c
+@@ -341,7 +341,7 @@ int ask_password_tty(
+ goto finish;
+ }
+
+- if (notify >= 0 && pollfd[POLL_INOTIFY].revents != 0) {
++ if (notify >= 0 && pollfd[POLL_INOTIFY].revents != 0 && keyname) {
+ (void) flush_fd(notify);
+
+ r = ask_password_keyring(keyname, flags, ret);
diff --git a/debian/patches/basic-process-util-limit-command-line-lengths-to-_SC_ARG_.patch b/debian/patches/basic-process-util-limit-command-line-lengths-to-_SC_ARG_.patch
new file mode 100644
index 0000000000000000000000000000000000000000..231af18828c52b1015bbaabbea25e12fa22a37b4
--- /dev/null
+++ b/debian/patches/basic-process-util-limit-command-line-lengths-to-_SC_ARG_.patch
@@ -0,0 +1,157 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 5 Dec 2018 18:48:23 +0100
+Subject: basic/process-util: limit command line lengths to _SC_ARG_MAX
+
+This affects systemd-journald and systemd-coredump.
+
+Example entry:
+$ journalctl -o export -n1 'MESSAGE=Something logged'
+__CURSOR=s=976542d120c649f494471be317829ef9;i=34e;b=4871e4c474574ce4a462dfe3f1c37f06;m=c7d0c37dd2;t=57c4ac58f3b98;x=67598e942bd23dc0
+__REALTIME_TIMESTAMP=1544035467475864
+__MONOTONIC_TIMESTAMP=858200964562
+_BOOT_ID=4871e4c474574ce4a462dfe3f1c37f06
+PRIORITY=6
+_UID=1000
+_GID=1000
+_CAP_EFFECTIVE=0
+_SELINUX_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
+_AUDIT_SESSION=1
+_AUDIT_LOGINUID=1000
+_SYSTEMD_OWNER_UID=1000
+_SYSTEMD_UNIT=user@1000.service
+_SYSTEMD_SLICE=user-1000.slice
+_SYSTEMD_USER_SLICE=-.slice
+_SYSTEMD_INVOCATION_ID=1c4a469986d448719cb0f9141a10810e
+_MACHINE_ID=08a5690a2eed47cf92ac0a5d2e3cf6b0
+_HOSTNAME=krowka
+_TRANSPORT=syslog
+SYSLOG_FACILITY=17
+SYSLOG_IDENTIFIER=syslog-caller
+MESSAGE=Something logged
+_COMM=poc
+_EXE=/home/zbyszek/src/systemd-work3/poc
+_SYSTEMD_CGROUP=/user.slice/user-1000.slice/user@1000.service/gnome-terminal-server.service
+_SYSTEMD_USER_UNIT=gnome-terminal-server.service
+SYSLOG_PID=4108
+SYSLOG_TIMESTAMP=Dec 5 19:44:27
+_PID=4108
+_CMDLINE=./poc AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>
+_SOURCE_REALTIME_TIMESTAMP=1544035467475848
+
+$ journalctl -o export -n1 'MESSAGE=Something logged' --output-fields=_CMDLINE|wc
+ 6 2053 2097410
+
+2MB might be hard for some clients to use meaningfully, but OTOH, it is
+important to log the full commandline sometimes. For example, when the program
+is crashing, the exact argument list is useful.
+
+(cherry picked from commit 2d5d2e0cc5171c6795d2a485841474345d9e30ab)
+(cherry picked from commit bcada1eb2f148e0712716d6095bb3a96e8153ec5)
+---
+ src/basic/process-util.c | 73 +++++++++++++++++-------------------------------
+ 1 file changed, 25 insertions(+), 48 deletions(-)
+
+diff --git a/src/basic/process-util.c b/src/basic/process-util.c
+index 4485034..31fdbd9 100644
+--- a/src/basic/process-util.c
++++ b/src/basic/process-util.c
+@@ -129,6 +129,13 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char *
+
+ (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
+
++ if (max_length == 0) {
++ /* This is supposed to be a safety guard against runaway command lines. */
++ long l = sysconf(_SC_ARG_MAX);
++ assert(l > 0);
++ max_length = l;
++ }
++
+ if (max_length == 1) {
+
+ /* If there's only room for one byte, return the empty string */
+@@ -139,32 +146,6 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char *
+ *line = ans;
+ return 0;
+
+- } else if (max_length == 0) {
+- size_t len = 0, allocated = 0;
+-
+- while ((c = getc(f)) != EOF) {
+-
+- if (!GREEDY_REALLOC(ans, allocated, len+3)) {
+- free(ans);
+- return -ENOMEM;
+- }
+-
+- if (isprint(c)) {
+- if (space) {
+- ans[len++] = ' ';
+- space = false;
+- }
+-
+- ans[len++] = c;
+- } else if (len > 0)
+- space = true;
+- }
+-
+- if (len > 0)
+- ans[len] = '\0';
+- else
+- ans = mfree(ans);
+-
+ } else {
+ bool dotdotdot = false;
+ size_t left;
+@@ -236,34 +217,30 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char *
+ if (h < 0)
+ return h;
+
+- if (max_length == 0)
+- ans = strjoin("[", t, "]");
+- else {
+- size_t l;
++ size_t l = strlen(t);
+
+- l = strlen(t);
+-
+- if (l + 3 <= max_length)
+- ans = strjoin("[", t, "]");
+- else if (max_length <= 6) {
++ if (l + 3 <= max_length) {
++ ans = strjoin("[", t, "]");
++ if (!ans)
++ return -ENOMEM;
+
+- ans = new(char, max_length);
+- if (!ans)
+- return -ENOMEM;
++ } else if (max_length <= 6) {
++ ans = new(char, max_length);
++ if (!ans)
++ return -ENOMEM;
+
+- memcpy(ans, "[...]", max_length-1);
+- ans[max_length-1] = 0;
+- } else {
+- t[max_length - 6] = 0;
++ memcpy(ans, "[...]", max_length-1);
++ ans[max_length-1] = 0;
++ } else {
++ t[max_length - 6] = 0;
+
+- /* Chop off final spaces */
+- delete_trailing_chars(t, WHITESPACE);
++ /* Chop off final spaces */
++ delete_trailing_chars(t, WHITESPACE);
+
+- ans = strjoin("[", t, "...]");
+- }
++ ans = strjoin("[", t, "...]");
++ if (!ans)
++ return -ENOMEM;
+ }
+- if (!ans)
+- return -ENOMEM;
+ }
+
+ *line = ans;
diff --git a/debian/patches/core-free-lines-after-reading-them.patch b/debian/patches/core-free-lines-after-reading-them.patch
new file mode 100644
index 0000000000000000000000000000000000000000..fde1a928c97bea8a7c9487b3cc0f99e5421e9ec6
--- /dev/null
+++ b/debian/patches/core-free-lines-after-reading-them.patch
@@ -0,0 +1,29 @@
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Sun, 23 Dec 2018 15:01:03 +0100
+Subject: core: free lines after reading them
+
+Closes https://github.com/systemd/systemd/issues/11251.
+
+(cherry picked from commit 7334ade4a7e103b1a01d1c8fe1ea7c7a854a1c31)
+(cherry picked from commit 5fa79ab2eb900fc58824060e3dcf9508276c9047)
+---
+ src/core/manager.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 35d9753..6086531 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -3243,11 +3243,11 @@ static int manager_deserialize_one_unit(Manager *m, const char *name, FILE *f, F
+ }
+
+ static int manager_deserialize_units(Manager *m, FILE *f, FDSet *fds) {
+- _cleanup_free_ char *line = NULL;
+ const char *unit_name;
+ int r;
+
+ for (;;) {
++ _cleanup_free_ char *line = NULL;
+ /* Start marker */
+ r = read_line(f, LONG_LINE_MAX, &line);
+ if (r < 0)
diff --git a/debian/patches/core-mount-make-mount_setup_existing_unit-not-drop-MOUNT_.patch b/debian/patches/core-mount-make-mount_setup_existing_unit-not-drop-MOUNT_.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6ae9994ab9cc4eeeb42eb2822091cfd032191cab
--- /dev/null
+++ b/debian/patches/core-mount-make-mount_setup_existing_unit-not-drop-MOUNT_.patch
@@ -0,0 +1,33 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Wed, 9 Jan 2019 03:35:55 +0900
+Subject: core/mount: make mount_setup_existing_unit() not drop
+ MOUNT_PROC_JUST_MOUNTED flag from units
+
+This fixes a bug introduced by ec88d1ea0591beccab97d9096fd3fd7b09bc823c.
+
+Fixes #11362.
+
+(cherry picked from commit d253a45e1c147f5174265d71d7419da7bd52a88b)
+(cherry picked from commit 27492fe33697c88b5452602604b0b28771bfd39f)
+---
+ src/core/mount.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/mount.c b/src/core/mount.c
+index ead9bc1..4c5a029 100644
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -1528,10 +1528,10 @@ static int mount_setup_existing_unit(
+ if (r > 0)
+ flags |= MOUNT_PROC_JUST_CHANGED;
+
+- if (!MOUNT(u)->from_proc_self_mountinfo) {
++ if (!MOUNT(u)->from_proc_self_mountinfo || FLAGS_SET(MOUNT(u)->proc_flags, MOUNT_PROC_JUST_MOUNTED))
+ flags |= MOUNT_PROC_JUST_MOUNTED;
+- MOUNT(u)->from_proc_self_mountinfo = true;
+- }
++
++ MOUNT(u)->from_proc_self_mountinfo = true;
+
+ if (IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_BAD_SETTING, UNIT_ERROR)) {
+ /* The unit was previously not found or otherwise not loaded. Now that the unit shows up in
diff --git a/debian/patches/coredump-fix-message-when-we-fail-to-save-a-journald-core.patch b/debian/patches/coredump-fix-message-when-we-fail-to-save-a-journald-core.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6646c92831b25c74dad1d981daa0927d530448c9
--- /dev/null
+++ b/debian/patches/coredump-fix-message-when-we-fail-to-save-a-journald-core.patch
@@ -0,0 +1,30 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 5 Dec 2018 21:34:24 +0100
+Subject: coredump: fix message when we fail to save a journald coredump
+
+If creation of the message failed, we'd write a bogus entry:
+systemd-coredump[1400]: Cannot store coredump of 416 (systemd-journal): No space left on device
+systemd-coredump[1400]: MESSAGE=Process 416 (systemd-journal) of user 0 dumped core.
+systemd-coredump[1400]: Coredump diverted to
+
+(cherry picked from commit f0136e09221364f931c3a3b715da4e4d3ee9f2ac)
+(cherry picked from commit 3f11736ae9f336ddbc34ad395c9fe5c99139af39)
+---
+ src/coredump/coredump.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
+index db2cf64..516f63d 100644
+--- a/src/coredump/coredump.c
++++ b/src/coredump/coredump.c
+@@ -794,8 +794,8 @@ log:
+ core_message = strjoin("MESSAGE=Process ", context[CONTEXT_PID],
+ " (", context[CONTEXT_COMM], ") of user ",
+ context[CONTEXT_UID], " dumped core.",
+- journald_crash ? "\nCoredump diverted to " : NULL,
+- journald_crash ? filename : NULL);
++ journald_crash && filename ? "\nCoredump diverted to " : NULL,
++ journald_crash && filename ? filename : NULL);
+ if (!core_message)
+ return log_oom();
+
diff --git a/debian/patches/coredump-remove-duplicate-MESSAGE-prefix-from-message.patch b/debian/patches/coredump-remove-duplicate-MESSAGE-prefix-from-message.patch
new file mode 100644
index 0000000000000000000000000000000000000000..0c076f49cc37a890ec66edf022af9f17f0436939
--- /dev/null
+++ b/debian/patches/coredump-remove-duplicate-MESSAGE-prefix-from-message.patch
@@ -0,0 +1,33 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 5 Dec 2018 17:33:15 +0100
+Subject: coredump: remove duplicate MESSAGE= prefix from message
+
+systemd-coredump[9982]: MESSAGE=Process 771 (systemd-journal) of user 0 dumped core.
+systemd-coredump[9982]: Coredump diverted to /var/lib/systemd/coredump/core...
+
+log_dispatch() calls log_dispatch_internal() which calls write_to_journal()
+which appends MESSAGE= on its own.
+
+(cherry picked from commit 4f62556d71206ac814a020a954b397d4940e14c3)
+(cherry picked from commit 9f564b3f45008c1a178a186f944ddc7485614cd2)
+---
+ src/coredump/coredump.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
+index 0c888b2..20c1fb0 100644
+--- a/src/coredump/coredump.c
++++ b/src/coredump/coredump.c
+@@ -800,9 +800,10 @@ log:
+ return log_oom();
+
+ if (journald_crash) {
+- /* We cannot log to the journal, so just print the MESSAGE.
++ /* We cannot log to the journal, so just print the message.
+ * The target was set previously to something safe. */
+- log_dispatch(LOG_ERR, 0, core_message);
++ assert(startswith(core_message, "MESSAGE="));
++ log_dispatch(LOG_ERR, 0, core_message + strlen("MESSAGE="));
+ return 0;
+ }
+
diff --git a/debian/patches/debian/Add-env-variable-for-machine-ID-path.patch b/debian/patches/debian/Add-env-variable-for-machine-ID-path.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4794e9d3e1bd85bad37925fcd90053132c129b8e
--- /dev/null
+++ b/debian/patches/debian/Add-env-variable-for-machine-ID-path.patch
@@ -0,0 +1,77 @@
+From: Martin Pitt <mpitt@debian.org>
+Date: Wed, 18 Jan 2017 11:21:35 +0100
+Subject: Add env variable for machine ID path
+
+During package build, in minimal chroots, or other systems which do not already
+have an /etc/machine-id we get six test failures. Introduce a
+$SYSTEMD_MACHINE_ID_PATH environment variable which can specify a location
+other than /etc/machine-id, so that the unit tests are independent from the
+environment.
+
+Also adjust test-fs-util to not assume that /etc/machine-id exists. Use
+/etc/passwd instead which is created by base-files.
+
+Closes: #851445
+
+Bug: https://bugs.freedesktop.org/show_bug.cgi?id=62344
+---
+ src/libsystemd/sd-id128/sd-id128.c | 2 +-
+ src/test/test-fs-util.c | 11 +++++++----
+ 2 files changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/src/libsystemd/sd-id128/sd-id128.c b/src/libsystemd/sd-id128/sd-id128.c
+index 3593a71..ba61c45 100644
+--- a/src/libsystemd/sd-id128/sd-id128.c
++++ b/src/libsystemd/sd-id128/sd-id128.c
+@@ -88,7 +88,7 @@ _public_ int sd_id128_get_machine(sd_id128_t *ret) {
+ assert_return(ret, -EINVAL);
+
+ if (sd_id128_is_null(saved_machine_id)) {
+- r = id128_read("/etc/machine-id", ID128_PLAIN, &saved_machine_id);
++ r = id128_read(getenv("SYSTEMD_MACHINE_ID_PATH") ?: "/etc/machine-id", ID128_PLAIN, &saved_machine_id);
+ if (r < 0)
+ return r;
+
+diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c
+index b3a4b17..5408892 100644
+--- a/src/test/test-fs-util.c
++++ b/src/test/test-fs-util.c
+@@ -185,7 +185,7 @@ static void test_chase_symlinks(void) {
+ assert_se(streq(result, "/test-chase.fsldajfl"));
+ result = mfree(result);
+
+- r = chase_symlinks("/etc/machine-id/foo", NULL, 0, &result);
++ r = chase_symlinks("/etc/passwd/foo", NULL, 0, &result);
+ assert_se(r == -ENOTDIR);
+ result = mfree(result);
+
+@@ -258,23 +258,26 @@ static void test_chase_symlinks(void) {
+ assert_se(chase_symlinks(q, NULL, CHASE_SAFE, NULL) >= 0);
+ }
+
+- p = strjoina(temp, "/machine-id-test");
+- assert_se(symlink("/usr/../etc/./machine-id", p) >= 0);
++ p = strjoina(temp, "/passwd-test");
++ assert_se(symlink("/usr/../etc/./passwd", p) >= 0);
+
+ pfd = chase_symlinks(p, NULL, CHASE_OPEN, NULL);
+ if (pfd != -ENOENT) {
+ _cleanup_close_ int fd = -1;
++/*
+ sd_id128_t a, b;
++*/
+
+ assert_se(pfd >= 0);
+
+ fd = fd_reopen(pfd, O_RDONLY|O_CLOEXEC);
+ assert_se(fd >= 0);
+ safe_close(pfd);
+-
++/*
+ assert_se(id128_read_fd(fd, ID128_PLAIN, &a) >= 0);
+ assert_se(sd_id128_get_machine(&b) >= 0);
+ assert_se(sd_id128_equal(a, b));
++*/
+ }
+
+ /* Test CHASE_NOFOLLOW */
diff --git a/debian/patches/debian/Add-support-for-TuxOnIce-hibernation.patch b/debian/patches/debian/Add-support-for-TuxOnIce-hibernation.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6ac1c00be49ef42e163f0779cdc758727292d3a1
--- /dev/null
+++ b/debian/patches/debian/Add-support-for-TuxOnIce-hibernation.patch
@@ -0,0 +1,30 @@
+From: Julien Muchembled <jm@jmuchemb.eu>
+Date: Tue, 29 Apr 2014 11:40:50 +0200
+Subject: Add support for TuxOnIce hibernation
+
+systemd does not support non-mainline kernel features so upstream rejected this
+patch.
+It is however required for systemd integration by tuxonice-userui package.
+
+Forwarded: http://lists.freedesktop.org/archives/systemd-devel/2014-April/018960.html
+---
+ src/shared/sleep-config.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/shared/sleep-config.c b/src/shared/sleep-config.c
+index 2e22bd0..b5050ea 100644
+--- a/src/shared/sleep-config.c
++++ b/src/shared/sleep-config.c
+@@ -267,6 +267,12 @@ static bool enough_swap_for_hibernation(void) {
+ if (getenv_bool("SYSTEMD_BYPASS_HIBERNATION_MEMORY_CHECK") > 0)
+ return true;
+
++ /* TuxOnIce is an alternate implementation for hibernation.
++ * It can be configured to compress the image to a file or an inactive
++ * swap partition, so there's nothing more we can do here. */
++ if (access("/sys/power/tuxonice", F_OK) == 0)
++ return true;
++
+ r = find_hibernate_location(NULL, NULL, &size, &used);
+ if (r < 0)
+ return false;
diff --git a/debian/patches/debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch b/debian/patches/debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch
new file mode 100644
index 0000000000000000000000000000000000000000..085bafd107118190a9b5b29b845b7c1c506e448c
--- /dev/null
+++ b/debian/patches/debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch
@@ -0,0 +1,24 @@
+From: Tollef Fog Heen <tfheen@err.no>
+Date: Tue, 5 Jun 2012 20:59:36 +0200
+Subject: Bring tmpfiles.d/tmp.conf in line with Debian defaults
+
+Closes: #675422
+---
+ tmpfiles.d/tmp.conf | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tmpfiles.d/tmp.conf b/tmpfiles.d/tmp.conf
+index 22555a0..8fb117f 100644
+--- a/tmpfiles.d/tmp.conf
++++ b/tmpfiles.d/tmp.conf
+@@ -8,8 +8,8 @@
+ # See tmpfiles.d(5) for details
+
+ # Clear tmp directories separately, to make them easier to override
+-q /tmp 1777 root root 10d
+-q /var/tmp 1777 root root 30d
++D /tmp 1777 root root -
++#q /var/tmp 1777 root root 30d
+
+ # Exclude namespace mountpoints created with PrivateTmp=yes
+ x /tmp/systemd-private-%b-*
diff --git a/debian/patches/debian/Don-t-enable-audit-by-default.patch b/debian/patches/debian/Don-t-enable-audit-by-default.patch
new file mode 100644
index 0000000000000000000000000000000000000000..3776dc8aa6a00f6ec85286dd17b93d339c12103d
--- /dev/null
+++ b/debian/patches/debian/Don-t-enable-audit-by-default.patch
@@ -0,0 +1,30 @@
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Sun, 28 Dec 2014 12:49:35 +0100
+Subject: Don't enable audit by default
+
+It causes flooding of dmesg and syslog, suppressing actually important
+messages.
+
+Don't enable it for now, until a better solution is found:
+http://lists.freedesktop.org/archives/systemd-devel/2014-December/026591.html
+
+Bug-Debian: https://bugs.debian.org/773528
+---
+ src/journal/journald-audit.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/src/journal/journald-audit.c b/src/journal/journald-audit.c
+index 345e43e..057b13f 100644
+--- a/src/journal/journald-audit.c
++++ b/src/journal/journald-audit.c
+@@ -536,10 +536,5 @@ int server_open_audit(Server *s) {
+ if (r < 0)
+ return log_error_errno(r, "Failed to add audit fd to event loop: %m");
+
+- /* We are listening now, try to enable audit */
+- r = enable_audit(s->audit_fd, true);
+- if (r < 0)
+- log_warning_errno(r, "Failed to issue audit enable call: %m");
+-
+ return 0;
+ }
diff --git a/debian/patches/debian/Drop-seccomp-system-call-filter-for-udev.patch b/debian/patches/debian/Drop-seccomp-system-call-filter-for-udev.patch
new file mode 100644
index 0000000000000000000000000000000000000000..3ac8c831838c2dbea9979df4c822f8704c5cddd3
--- /dev/null
+++ b/debian/patches/debian/Drop-seccomp-system-call-filter-for-udev.patch
@@ -0,0 +1,31 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Wed, 18 Jul 2018 23:49:16 +0200
+Subject: Drop seccomp system call filter for udev
+
+The seccomp based system call whitelist requires at least systemd 239 to
+be the active init and during a dist-upgrade we can't guarantee that
+systemd has been fully configured before udev is restarted.
+
+This partially reverts upstream commit
+ee8f26180d01e3ddd4e5f20b03b81e5e737657ae.
+
+Once buster is released, this patch can be dropped.
+
+Closes: #903224
+---
+ units/systemd-udevd.service.in | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in
+index 6a3814e..2b9fa69 100644
+--- a/units/systemd-udevd.service.in
++++ b/units/systemd-udevd.service.in
+@@ -29,8 +29,6 @@ PrivateMounts=yes
+ MemoryDenyWriteExecute=yes
+ RestrictRealtime=yes
+ RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
+-SystemCallFilter=@system-service @module @raw-io
+-SystemCallErrorNumber=EPERM
+ SystemCallArchitectures=native
+ LockPersonality=yes
+ IPAddressDeny=any
diff --git a/debian/patches/debian/Let-graphical-session-pre.target-be-manually-started.patch b/debian/patches/debian/Let-graphical-session-pre.target-be-manually-started.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d48d61c4ffaccaaf72923a4bc9a0ff38b8902fc2
--- /dev/null
+++ b/debian/patches/debian/Let-graphical-session-pre.target-be-manually-started.patch
@@ -0,0 +1,22 @@
+From: Iain Lane <iain@orangesquash.org.uk>
+Date: Mon, 22 Aug 2016 07:03:27 +0200
+Subject: Let graphical-session-pre.target be manually started
+
+This is needed until https://github.com/systemd/systemd/issues/3750 is fixed.
+
+Forwarded: not-needed
+Bug-Ubuntu: https://launchpad.net/bugs/1615341
+---
+ units/user/graphical-session-pre.target | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/units/user/graphical-session-pre.target b/units/user/graphical-session-pre.target
+index 3adfc5a..c4e1001 100644
+--- a/units/user/graphical-session-pre.target
++++ b/units/user/graphical-session-pre.target
+@@ -12,5 +12,4 @@ Description=Session services which should run early before the graphical session
+ Documentation=man:systemd.special(7)
+ Requires=basic.target
+ Before=graphical-session.target
+-RefuseManualStart=yes
+ StopWhenUnneeded=yes
diff --git a/debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch b/debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f53f723b14e0aef229ef1d544fbddb1f3c2b50b9
--- /dev/null
+++ b/debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch
@@ -0,0 +1,42 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Fri, 5 Sep 2014 01:15:16 +0200
+Subject: Make /run/lock tmpfs an API fs
+
+The /run/lock directory is world-writable in Debian due to historic
+reasons. To avoid user processes filling up /run, we mount a separate
+tmpfs for /run/lock. As this directory needs to be available during
+early boot, we make it an API fs.
+
+Drop it from tmpfiles.d/legacy.conf to not clobber the permissions.
+
+Closes: #751392
+---
+ src/core/mount-setup.c | 2 ++
+ tmpfiles.d/legacy.conf | 1 -
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
+index 3ce6164..3aae4c8 100644
+--- a/src/core/mount-setup.c
++++ b/src/core/mount-setup.c
+@@ -83,6 +83,8 @@ static const MountPoint mount_table[] = {
+ #endif
+ { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
+ NULL, MNT_FATAL|MNT_IN_CONTAINER },
++ { "tmpfs", "/run/lock", "tmpfs", "mode=1777,size=5242880", MS_NOSUID|MS_NODEV|MS_NOEXEC,
++ NULL, MNT_FATAL|MNT_IN_CONTAINER },
+ { "cgroup2", "/sys/fs/cgroup", "cgroup2", "nsdelegate", MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ cg_is_unified_wanted, MNT_IN_CONTAINER|MNT_CHECK_WRITABLE },
+ { "cgroup2", "/sys/fs/cgroup", "cgroup2", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
+diff --git a/tmpfiles.d/legacy.conf b/tmpfiles.d/legacy.conf
+index 62e2ae0..ea5e735 100644
+--- a/tmpfiles.d/legacy.conf
++++ b/tmpfiles.d/legacy.conf
+@@ -10,7 +10,6 @@
+ # These files are considered legacy and are unnecessary on legacy-free
+ # systems.
+
+-d /run/lock 0755 root root -
+ L /var/lock - - - - ../run/lock
+
+ # /run/lock/subsys is used for serializing SysV service execution, and
diff --git a/debian/patches/debian/Only-start-logind-if-dbus-is-installed.patch b/debian/patches/debian/Only-start-logind-if-dbus-is-installed.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7b1103e12f96366806e46f52fcda290421ba8671
--- /dev/null
+++ b/debian/patches/debian/Only-start-logind-if-dbus-is-installed.patch
@@ -0,0 +1,24 @@
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Mon, 9 Feb 2015 10:53:43 +0100
+Subject: Only start logind if dbus is installed
+
+logind fails to start in environments without dbus, such as LXC containers or
+servers. Add a startup condition to avoid the very noisy startup failure.
+
+Part of #772700
+---
+ units/systemd-logind.service.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
+index 38a7f26..16f1d9d 100644
+--- a/units/systemd-logind.service.in
++++ b/units/systemd-logind.service.in
+@@ -14,6 +14,7 @@ Documentation=https://www.freedesktop.org/wiki/Software/systemd/logind
+ Documentation=https://www.freedesktop.org/wiki/Software/systemd/multiseat
+ Wants=user.slice
+ After=nss-user-lookup.target user.slice
++ConditionPathExists=/lib/systemd/system/dbus.service
+
+ # Ask for the dbus socket.
+ Wants=dbus.socket
diff --git a/debian/patches/debian/Re-enable-journal-forwarding-to-syslog.patch b/debian/patches/debian/Re-enable-journal-forwarding-to-syslog.patch
new file mode 100644
index 0000000000000000000000000000000000000000..56c69ea9b7a19fcca37c16a0a3998ba5657bc4ba
--- /dev/null
+++ b/debian/patches/debian/Re-enable-journal-forwarding-to-syslog.patch
@@ -0,0 +1,56 @@
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Fri, 28 Nov 2014 14:43:25 +0100
+Subject: Re-enable journal forwarding to syslog
+
+Revert upstream commit 46b131574fdd7d77 for now, until Debian's sysloggers
+can/do all read from the journal directly. See
+
+ http://lists.freedesktop.org/archives/systemd-devel/2014-November/025550.html
+
+for details. Once we grow a journal.conf.d/ directory, sysloggers can be moved
+to pulling from the journal one by one and disable forwarding again in such a
+conf.d snippet.
+---
+ man/journald.conf.xml | 2 +-
+ src/journal/journald-server.c | 1 +
+ src/journal/journald.conf | 2 +-
+ 3 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/man/journald.conf.xml b/man/journald.conf.xml
+index ed874aa..6bb0605 100644
+--- a/man/journald.conf.xml
++++ b/man/journald.conf.xml
+@@ -296,7 +296,7 @@
+ the system console, or sent as wall messages to all logged-in users. These
+ options take boolean arguments. If forwarding to syslog is enabled but nothing
+ reads messages from the socket, forwarding to syslog has no effect. By default,
+- only forwarding to wall is enabled. These settings may be overridden at boot time
++ only forwarding to syslog and wall is enabled. These settings may be overridden at boot time
+ with the kernel command line options
+ <literal>systemd.journald.forward_to_syslog</literal>,
+ <literal>systemd.journald.forward_to_kmsg</literal>,
+diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
+index 2a960eb..7fe0f82 100644
+--- a/src/journal/journald-server.c
++++ b/src/journal/journald-server.c
+@@ -1835,6 +1835,7 @@ int server_init(Server *s) {
+ s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
+ s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
+
++ s->forward_to_syslog = true;
+ s->forward_to_wall = true;
+
+ s->max_file_usec = DEFAULT_MAX_FILE_USEC;
+diff --git a/src/journal/journald.conf b/src/journal/journald.conf
+index 2f1c661..8951d9e 100644
+--- a/src/journal/journald.conf
++++ b/src/journal/journald.conf
+@@ -29,7 +29,7 @@
+ #RuntimeMaxFiles=100
+ #MaxRetentionSec=
+ #MaxFileSec=1month
+-#ForwardToSyslog=no
++#ForwardToSyslog=yes
+ #ForwardToKMsg=no
+ #ForwardToConsole=no
+ #ForwardToWall=yes
diff --git a/debian/patches/debian/Revert-core-enable-TasksMax-for-all-services-by-default-a.patch b/debian/patches/debian/Revert-core-enable-TasksMax-for-all-services-by-default-a.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4e9940d6d1c00eec549815a13748d3138630cca1
--- /dev/null
+++ b/debian/patches/debian/Revert-core-enable-TasksMax-for-all-services-by-default-a.patch
@@ -0,0 +1,56 @@
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Mon, 9 May 2016 21:24:38 +0200
+Subject: Revert "core: enable TasksMax= for all services by default,
+ and set it to 512"
+
+This reverts commit 9ded9cd14cc03c67291b10a5c42ce5094ba0912f.
+
+Introducing a default limit on number of threads broke a lot of software which
+regularly needs more, such as MySQL and RabbitMQ, or services that spawn off an
+indefinite number of subtasks that are not in a scope, like LXC or cron.
+
+15% is way too much for most "simple" services, and it's too little for others
+such as the ones mentioned above. There is also no particular rationale about
+any particular global limit, so even if we'd bump it higher we'd just make the
+limit even less useful while still breaking software.
+
+It is both much safer and also much more effective in terms of guarding against
+berserk programs/bugs/unintended fork bombs etc. to set limits in units
+individually. Once someone looks at one, this is then a great time to also flip
+on the other resource and privilege limitations that systemd offers.
+
+Bug: https://github.com/systemd/systemd/issues/3211
+Bug-Debian: https://bugs.debian.org/823530
+Bug-Ubuntu: https://launchpad.net/bugs/1578080
+---
+ man/systemd-system.conf.xml | 3 +--
+ src/core/system.conf.in | 2 +-
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
+index 35da82a..daf3d15 100644
+--- a/man/systemd-system.conf.xml
++++ b/man/systemd-system.conf.xml
+@@ -318,8 +318,7 @@
+ <listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See
+ <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details. This setting applies to all unit types that support resource control settings, with the exception
+- of slice units. Defaults to 15%, which equals 4915 with the kernel's defaults on the host, but might be smaller
+- in OS containers.</para></listitem>
++ of slice units.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+diff --git a/src/core/system.conf.in b/src/core/system.conf.in
+index 0a58737..97ecd75 100644
+--- a/src/core/system.conf.in
++++ b/src/core/system.conf.in
+@@ -45,7 +45,7 @@
+ #DefaultBlockIOAccounting=no
+ #DefaultMemoryAccounting=@MEMORY_ACCOUNTING_DEFAULT@
+ #DefaultTasksAccounting=yes
+-#DefaultTasksMax=15%
++#DefaultTasksMax=
+ #DefaultLimitCPU=
+ #DefaultLimitFSIZE=
+ #DefaultLimitDATA=
diff --git a/debian/patches/debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch b/debian/patches/debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c8c61f4a827cac013936d28666f490443f34b602
--- /dev/null
+++ b/debian/patches/debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch
@@ -0,0 +1,37 @@
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Mon, 27 Apr 2015 15:29:13 +0200
+Subject: Revert "core: one step back again,
+ for nspawn we actually can't wait for cgroups running empty since systemd
+ will get exactly zero notifications about it"
+
+This reverts commit 743970d2ea6d08aa7c7bff8220f6b7702f2b1db7.
+
+Bug-Debian: https://bugs.debian.org/784720
+Bug-Ubuntu: https://launchpad.net/bugs/1448259
+Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1141137
+---
+ src/core/unit.c | 11 +----------
+ 1 file changed, 1 insertion(+), 10 deletions(-)
+
+diff --git a/src/core/unit.c b/src/core/unit.c
+index 24b14fb..694df72 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -4553,16 +4553,7 @@ int unit_kill_context(
+
+ } else if (r > 0) {
+
+- /* FIXME: For now, on the legacy hierarchy, we will not wait for the cgroup members to die if
+- * we are running in a container or if this is a delegation unit, simply because cgroup
+- * notification is unreliable in these cases. It doesn't work at all in containers, and outside
+- * of containers it can be confused easily by left-over directories in the cgroup — which
+- * however should not exist in non-delegated units. On the unified hierarchy that's different,
+- * there we get proper events. Hence rely on them. */
+-
+- if (cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER) > 0 ||
+- (detect_container() == 0 && !unit_cgroup_delegate(u)))
+- wait_for_exit = true;
++ wait_for_exit = true;
+
+ if (send_sighup) {
+ set_free(pid_set);
diff --git a/debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch b/debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch
new file mode 100644
index 0000000000000000000000000000000000000000..3c30bdb351af7056ea18b4d0a7c9e3654f91bb0f
--- /dev/null
+++ b/debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch
@@ -0,0 +1,43 @@
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Sat, 27 Feb 2016 12:27:06 +0100
+Subject: Revert "core: set RLIMIT_CORE to unlimited by default"
+
+Partially revert commit 15a900327ab as this completely breaks core dumps
+without systemd-coredump. It's also contradicting core(8), and it's not
+systemd's place to redefine the kernel definitions of core files.
+
+Commit bdfd7b2c now honours the process' RLIMIT_CORE for systemd-coredump. This
+isn't what RLIMIT_CORE is supposed to do (it limits the size of the core
+*file*, but the kernel deliberately ignores it for piping), so set a static
+2^63 core size limit for systemd-coredump to go back to the previous behaviour
+(otherwise the change above would break systemd-coredump).
+
+Bug-Debian: https://bugs.debian.org/815020
+---
+ src/core/main.c | 2 --
+ sysctl.d/50-coredump.conf.in | 2 +-
+ 2 files changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/src/core/main.c b/src/core/main.c
+index 839dc06..77b03f1 100644
+--- a/src/core/main.c
++++ b/src/core/main.c
+@@ -2401,8 +2401,6 @@ int main(int argc, char *argv[]) {
+ kernel_timestamp = DUAL_TIMESTAMP_NULL;
+ }
+
+- initialize_coredump(skip_setup);
+-
+ r = fixup_environment();
+ if (r < 0) {
+ log_emergency_errno(r, "Failed to fix up PID 1 environment: %m");
+diff --git a/sysctl.d/50-coredump.conf.in b/sysctl.d/50-coredump.conf.in
+index ccd5c2c..53e74a1 100644
+--- a/sysctl.d/50-coredump.conf.in
++++ b/sysctl.d/50-coredump.conf.in
+@@ -9,4 +9,4 @@
+ # and systemd-coredump(8) and core(5) for the explanation of the
+ # setting below.
+
+-kernel.core_pattern=|@rootlibexecdir@/systemd-coredump %P %u %g %s %t %c %h %e
++kernel.core_pattern=|@rootlibexecdir@/systemd-coredump %P %u %g %s %t 9223372036854775808 %h %e
diff --git a/debian/patches/debian/Revert-udev-network-device-renaming-immediately-give.patch b/debian/patches/debian/Revert-udev-network-device-renaming-immediately-give.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e8bf17b8007ee8d0a886236d5123a9a04baf2d07
--- /dev/null
+++ b/debian/patches/debian/Revert-udev-network-device-renaming-immediately-give.patch
@@ -0,0 +1,89 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Thu, 18 Jul 2013 01:04:07 +0200
+Subject: Revert "udev: network device renaming - immediately give up if the
+ target name isn't available"
+
+This reverts commit 97595710b77aa162ca5e20da57d0a1ed7355eaad.
+
+We need to keep supporting systems with 75-persistent-net-generator.rules
+generated names for a while after switching to net.ifnames. Re-apply this old
+hack to make the renaming less likely to fail.
+---
+ src/udev/udev-event.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 46 insertions(+), 5 deletions(-)
+
+diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c
+index 07b7365..f67b295 100644
+--- a/src/udev/udev-event.c
++++ b/src/udev/udev-event.c
+@@ -680,6 +680,7 @@ static int rename_netif(UdevEvent *event) {
+ const char *action, *oldname;
+ char name[IFNAMSIZ];
+ int ifindex, r;
++ int loop;
+
+ if (!event->name)
+ return 0; /* No new name is requested. */
+@@ -705,17 +706,57 @@ static int rename_netif(UdevEvent *event) {
+ return log_device_error_errno(dev, r, "Failed to get ifindex: %m");
+
+ strscpy(name, IFNAMSIZ, event->name);
++
+ r = rtnl_set_link_name(&event->rtnl, ifindex, name);
+- if (r < 0)
+- return log_device_error_errno(dev, r, "Failed to rename network interface %i from '%s' to '%s': %m", ifindex, oldname, name);
++ if (r >= 0) {
++ r = device_rename(dev, event->name);
++ if (r < 0)
++ return log_warning_errno(r, "Network interface %i is renamed from '%s' to '%s', but could not update sd_device object: %m", ifindex, oldname, name);
++
++ log_device_debug(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, oldname, name);
++
++ return 1;
++ }
++
++ /* keep trying if the destination interface name already exists */
++ if (r != -EEXIST)
++ goto out;
+
+- r = device_rename(dev, event->name);
++ /* free our own name, another process may wait for us */
++ snprintf(name, IFNAMSIZ, "rename%u", ifindex);
++ r = rtnl_set_link_name(&event->rtnl, ifindex, name);
+ if (r < 0)
+- return log_warning_errno(r, "Network interface %i is renamed from '%s' to '%s', but could not update sd_device object: %m", ifindex, oldname, name);
++ goto out;
+
++ /* log temporary name */
+ log_device_debug(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, oldname, name);
+
+- return 1;
++ /* wait a maximum of 90 seconds for our target to become available */
++ strscpy(name, IFNAMSIZ, event->name);
++ loop = 90 * 20;
++ while (loop--) {
++ const struct timespec duration = { 0, 1000 * 1000 * 1000 / 20 };
++
++ nanosleep(&duration, NULL);
++
++ r = rtnl_set_link_name(&event->rtnl, ifindex, name);
++ if (r >= 0) {
++ r = device_rename(dev, event->name);
++ if (r < 0)
++ return log_warning_errno(r, "Network interface %i is renamed from '%s' to '%s', but could not update sd_device object: %m", ifindex, oldname, name);
++
++ log_device_debug(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, oldname, name);
++
++ return 1;
++ }
++ if (r != -EEXIST)
++ goto out;
++ }
++
++out:
++ if (r < 0)
++ return log_device_error_errno(dev, r, "Failed to rename network interface %i from '%s' to '%s': %m", ifindex, oldname, name);
++ return r;
+ }
+
+ static int update_devnode(UdevEvent *event) {
diff --git a/debian/patches/debian/Revert-udev-rules-Permission-changes-for-dev-dri-renderD.patch b/debian/patches/debian/Revert-udev-rules-Permission-changes-for-dev-dri-renderD.patch
new file mode 100644
index 0000000000000000000000000000000000000000..54066bddc1b580950539f85a4394215577b79d74
--- /dev/null
+++ b/debian/patches/debian/Revert-udev-rules-Permission-changes-for-dev-dri-renderD.patch
@@ -0,0 +1,82 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Sun, 17 Dec 2017 00:31:20 +0100
+Subject: Revert "udev-rules: Permission changes for /dev/dri/renderD*"
+
+This would introduce a new system group "render". As the name is rather
+generic, this needs further discussion first, so revert this change for
+now.
+
+This reverts commit 4e15a7343cb389e97f3eb4f49699161862d8b8b2.
+---
+ meson.build | 2 --
+ meson_options.txt | 2 --
+ rules/50-udev-default.rules.in | 5 +----
+ src/login/70-uaccess.rules.m4 | 2 +-
+ 4 files changed, 2 insertions(+), 9 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index a87bb57..8072f52 100644
+--- a/meson.build
++++ b/meson.build
+@@ -808,7 +808,6 @@ conf.set10('ENABLE_WHEEL_GROUP', get_option('wheel-group'))
+ dev_kvm_mode = get_option('dev-kvm-mode')
+ substs.set('DEV_KVM_MODE', dev_kvm_mode)
+ conf.set10('DEV_KVM_UACCESS', dev_kvm_mode != '0666')
+-substs.set('GROUP_RENDER_MODE', get_option('group-render-mode'))
+
+ kill_user_processes = get_option('default-kill-user-processes')
+ conf.set10('KILL_USER_PROCESSES', kill_user_processes)
+@@ -3087,7 +3086,6 @@ status = [
+ 'minimum container UID base: @0@'.format(container_uid_base_min),
+ 'maximum container UID base: @0@'.format(container_uid_base_max),
+ '/dev/kvm access mode: @0@'.format(get_option('dev-kvm-mode')),
+- 'render group access mode: @0@'.format(get_option('group-render-mode')),
+ 'certificate root directory: @0@'.format(get_option('certificate-root')),
+ 'support URL: @0@'.format(support_url),
+ 'nobody user name: @0@'.format(nobody_user),
+diff --git a/meson_options.txt b/meson_options.txt
+index 1423b89..aba9d8f 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -189,8 +189,6 @@ option('nobody-group', type : 'string',
+ value : 'nobody')
+ option('dev-kvm-mode', type : 'string', value : '0666',
+ description : '/dev/kvm access mode')
+-option('group-render-mode', type : 'string', value : '0666',
+- description : 'Access mode for devices owned by render group (e.g. /dev/dri/renderD*, /dev/kfd).')
+ option('default-kill-user-processes', type : 'boolean',
+ description : 'the default value for KillUserProcesses= setting')
+ option('gshadow', type : 'boolean',
+diff --git a/rules/50-udev-default.rules.in b/rules/50-udev-default.rules.in
+index 191f56f..63aa3db 100644
+--- a/rules/50-udev-default.rules.in
++++ b/rules/50-udev-default.rules.in
+@@ -31,14 +31,11 @@ SUBSYSTEM=="input", KERNEL=="js[0-9]*", MODE="0664"
+
+ SUBSYSTEM=="video4linux", GROUP="video"
+ SUBSYSTEM=="graphics", GROUP="video"
+-SUBSYSTEM=="drm", KERNEL!="renderD*", GROUP="video"
++SUBSYSTEM=="drm", GROUP="video"
+ SUBSYSTEM=="dvb", GROUP="video"
+ SUBSYSTEM=="media", GROUP="video"
+ SUBSYSTEM=="cec", GROUP="video"
+
+-SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="render", MODE="@GROUP_RENDER_MODE@"
+-SUBSYSTEM=="kfd", GROUP="render", MODE="@GROUP_RENDER_MODE@"
+-
+ SUBSYSTEM=="sound", GROUP="audio", \
+ OPTIONS+="static_node=snd/seq", OPTIONS+="static_node=snd/timer"
+
+diff --git a/src/login/70-uaccess.rules.m4 b/src/login/70-uaccess.rules.m4
+index d55e5bf..e46cacb 100644
+--- a/src/login/70-uaccess.rules.m4
++++ b/src/login/70-uaccess.rules.m4
+@@ -45,7 +45,7 @@ SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x010001*", TAG+="uaccess"
+ SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x014001*", TAG+="uaccess"
+
+ # DRI video devices
+-SUBSYSTEM=="drm", KERNEL=="card*", TAG+="uaccess"
++SUBSYSTEM=="drm", KERNEL=="card*|renderD*", TAG+="uaccess"
+ m4_ifdef(`DEV_KVM_UACCESS',``
+ # KVM
+ SUBSYSTEM=="misc", KERNEL=="kvm", TAG+="uaccess"''
diff --git a/debian/patches/debian/Skip-filesystem-check-if-already-done-by-the-initram.patch b/debian/patches/debian/Skip-filesystem-check-if-already-done-by-the-initram.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d844cbe276d32c7a608af3ba9248a1e11a9851f2
--- /dev/null
+++ b/debian/patches/debian/Skip-filesystem-check-if-already-done-by-the-initram.patch
@@ -0,0 +1,57 @@
+From: Nis Martensen <nis.martensen@web.de>
+Date: Tue, 19 Jan 2016 22:01:43 +0100
+Subject: Skip filesystem check if already done by the initramfs
+
+Newer versions of initramfs-tools already fsck and mount / and /usr in
+the initramfs. Skip the filesystem check in this case.
+
+Based on a previous patch by Michael Biebl <biebl@debian.org>.
+
+Closes: #782522
+Closes: #810748
+---
+ src/fstab-generator/fstab-generator.c | 11 ++++++++---
+ units/systemd-fsck-root.service.in | 1 +
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
+index 55a8242..777ae5f 100644
+--- a/src/fstab-generator/fstab-generator.c
++++ b/src/fstab-generator/fstab-generator.c
+@@ -310,6 +310,7 @@ static int add_mount(
+ *where_escaped = NULL;
+ _cleanup_fclose_ FILE *f = NULL;
+ int r;
++ struct stat sb;
+
+ assert(what);
+ assert(where);
+@@ -387,9 +388,13 @@ static int add_mount(
+ }
+
+ if (passno != 0) {
+- r = generator_write_fsck_deps(f, dest, what, where, fstype);
+- if (r < 0)
+- return r;
++ if (streq(where, "/usr") && stat("/run/initramfs/fsck-usr", &sb) == 0)
++ ; /* skip /usr fsck if it has already been checked in the initramfs */
++ else {
++ r = generator_write_fsck_deps(f, dest, what, where, fstype);
++ if (r < 0)
++ return r;
++ }
+ }
+
+ fprintf(f, "\n[Mount]\n");
+diff --git a/units/systemd-fsck-root.service.in b/units/systemd-fsck-root.service.in
+index bea6c16..49df031 100644
+--- a/units/systemd-fsck-root.service.in
++++ b/units/systemd-fsck-root.service.in
+@@ -16,6 +16,7 @@ Before=local-fs.target shutdown.target
+ Wants=systemd-fsckd.socket
+ After=systemd-fsckd.socket
+ ConditionPathIsReadWrite=!/
++ConditionPathExists=!/run/initramfs/fsck-root
+
+ [Service]
+ Type=oneshot
diff --git a/debian/patches/debian/Use-Debian-specific-config-files.patch b/debian/patches/debian/Use-Debian-specific-config-files.patch
new file mode 100644
index 0000000000000000000000000000000000000000..678e2ba0af400da378bb1d3a3610249702633a96
--- /dev/null
+++ b/debian/patches/debian/Use-Debian-specific-config-files.patch
@@ -0,0 +1,428 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Thu, 18 Jul 2013 20:11:02 +0200
+Subject: Use Debian specific config files
+
+Use /etc/default/locale instead of /etc/locale.conf for locale settings.
+
+Use /etc/default/keyboard instead of /etc/X11/xorg.conf.d/00-keyboard.conf for
+keyboard configuration.
+
+Read/write /etc/timezone if /etc/localtime does not exist.
+---
+ src/basic/time-util.c | 21 ++++-
+ src/core/locale-setup.c | 21 +++++
+ src/locale/keymap-util.c | 209 +++++++++++++++++++++++------------------------
+ src/timedate/timedated.c | 10 +++
+ 4 files changed, 154 insertions(+), 107 deletions(-)
+
+diff --git a/src/basic/time-util.c b/src/basic/time-util.c
+index 557c75d..ea5f6a4 100644
+--- a/src/basic/time-util.c
++++ b/src/basic/time-util.c
+@@ -1382,8 +1382,25 @@ int get_timezone(char **tz) {
+ int r;
+
+ r = readlink_malloc("/etc/localtime", &t);
+- if (r < 0)
+- return r; /* returns EINVAL if not a symlink */
++ if (r < 0) {
++ if (r != -EINVAL)
++ return r; /* returns EINVAL if not a symlink */
++
++ r = read_one_line_file("/etc/timezone", &t);
++ if (r < 0) {
++ if (r != -ENOENT)
++ log_warning_errno(r, "Failed to read /etc/timezone: %m");
++ return -EINVAL;
++ }
++
++ if (!timezone_is_valid(t, LOG_DEBUG))
++ return -EINVAL;
++ z = strdup(t);
++ if (!z)
++ return -ENOMEM;
++ *tz = z;
++ return 0;
++ }
+
+ e = PATH_STARTSWITH_SET(t, "/usr/share/zoneinfo/", "../usr/share/zoneinfo/");
+ if (!e)
+diff --git a/src/core/locale-setup.c b/src/core/locale-setup.c
+index 584fb22..bb8e17f 100644
+--- a/src/core/locale-setup.c
++++ b/src/core/locale-setup.c
+@@ -59,6 +59,27 @@ int locale_setup(char ***environment) {
+ log_warning_errno(r, "Failed to read /etc/locale.conf: %m");
+ }
+
++ if (r <= 0) {
++ r = parse_env_file(NULL, "/etc/default/locale",
++ "LANG", &variables[VARIABLE_LANG],
++ "LANGUAGE", &variables[VARIABLE_LANGUAGE],
++ "LC_CTYPE", &variables[VARIABLE_LC_CTYPE],
++ "LC_NUMERIC", &variables[VARIABLE_LC_NUMERIC],
++ "LC_TIME", &variables[VARIABLE_LC_TIME],
++ "LC_COLLATE", &variables[VARIABLE_LC_COLLATE],
++ "LC_MONETARY", &variables[VARIABLE_LC_MONETARY],
++ "LC_MESSAGES", &variables[VARIABLE_LC_MESSAGES],
++ "LC_PAPER", &variables[VARIABLE_LC_PAPER],
++ "LC_NAME", &variables[VARIABLE_LC_NAME],
++ "LC_ADDRESS", &variables[VARIABLE_LC_ADDRESS],
++ "LC_TELEPHONE", &variables[VARIABLE_LC_TELEPHONE],
++ "LC_MEASUREMENT", &variables[VARIABLE_LC_MEASUREMENT],
++ "LC_IDENTIFICATION", &variables[VARIABLE_LC_IDENTIFICATION]);
++
++ if (r < 0 && r != -ENOENT)
++ log_warning_errno(r, "Failed to read /etc/default/locale: %m");
++ }
++
+ for (i = 0; i < _VARIABLE_LC_MAX; i++) {
+ char *s;
+
+diff --git a/src/locale/keymap-util.c b/src/locale/keymap-util.c
+index 6b6b32a..cb63d45 100644
+--- a/src/locale/keymap-util.c
++++ b/src/locale/keymap-util.c
+@@ -95,6 +95,7 @@ void locale_simplify(char *locale[_VARIABLE_LC_MAX]) {
+ int locale_read_data(Context *c, sd_bus_message *m) {
+ struct stat st;
+ int r;
++ const char *path = "/etc/locale.conf";
+
+ /* Do not try to re-read the file within single bus operation. */
+ if (m) {
+@@ -105,7 +106,11 @@ int locale_read_data(Context *c, sd_bus_message *m) {
+ c->locale_cache = sd_bus_message_ref(m);
+ }
+
+- r = stat("/etc/locale.conf", &st);
++ r = stat(path, &st);
++ if (r < 0 && errno == ENOENT) {
++ path = "/etc/default/locale";
++ r = stat(path, &st);
++ }
+ if (r < 0 && errno != ENOENT)
+ return -errno;
+
+@@ -120,7 +125,7 @@ int locale_read_data(Context *c, sd_bus_message *m) {
+ c->locale_mtime = t;
+ context_free_locale(c);
+
+- r = parse_env_file(NULL, "/etc/locale.conf",
++ r = parse_env_file(NULL, path,
+ "LANG", &c->locale[VARIABLE_LANG],
+ "LANGUAGE", &c->locale[VARIABLE_LANGUAGE],
+ "LC_CTYPE", &c->locale[VARIABLE_LC_CTYPE],
+@@ -201,8 +206,6 @@ int vconsole_read_data(Context *c, sd_bus_message *m) {
+ }
+
+ int x11_read_data(Context *c, sd_bus_message *m) {
+- _cleanup_fclose_ FILE *f = NULL;
+- bool in_section = false;
+ struct stat st;
+ usec_t t;
+ int r;
+@@ -216,7 +219,7 @@ int x11_read_data(Context *c, sd_bus_message *m) {
+ c->x11_cache = sd_bus_message_ref(m);
+ }
+
+- if (stat("/etc/X11/xorg.conf.d/00-keyboard.conf", &st) < 0) {
++ if (stat("/etc/default/keyboard", &st) < 0) {
+ if (errno != ENOENT)
+ return -errno;
+
+@@ -233,61 +236,14 @@ int x11_read_data(Context *c, sd_bus_message *m) {
+ c->x11_mtime = t;
+ context_free_x11(c);
+
+- f = fopen("/etc/X11/xorg.conf.d/00-keyboard.conf", "re");
+- if (!f)
+- return -errno;
+-
+- for (;;) {
+- _cleanup_free_ char *line = NULL;
+- char *l;
+-
+- r = read_line(f, LONG_LINE_MAX, &line);
+- if (r < 0)
+- return r;
+- if (r == 0)
+- break;
+-
+- l = strstrip(line);
+- if (IN_SET(l[0], 0, '#'))
+- continue;
+-
+- if (in_section && first_word(l, "Option")) {
+- _cleanup_strv_free_ char **a = NULL;
+-
+- r = strv_split_extract(&a, l, WHITESPACE, EXTRACT_QUOTES);
+- if (r < 0)
+- return r;
+-
+- if (strv_length(a) == 3) {
+- char **p = NULL;
+-
+- if (streq(a[1], "XkbLayout"))
+- p = &c->x11_layout;
+- else if (streq(a[1], "XkbModel"))
+- p = &c->x11_model;
+- else if (streq(a[1], "XkbVariant"))
+- p = &c->x11_variant;
+- else if (streq(a[1], "XkbOptions"))
+- p = &c->x11_options;
+-
+- if (p) {
+- free_and_replace(*p, a[2]);
+- }
+- }
++ r = parse_env_file(NULL, "/etc/default/keyboard",
++ "XKBMODEL", &c->x11_model,
++ "XKBLAYOUT", &c->x11_layout,
++ "XKBVARIANT", &c->x11_variant,
++ "XKBOPTIONS", &c->x11_options);
+
+- } else if (!in_section && first_word(l, "Section")) {
+- _cleanup_strv_free_ char **a = NULL;
+-
+- r = strv_split_extract(&a, l, WHITESPACE, EXTRACT_QUOTES);
+- if (r < 0)
+- return -ENOMEM;
+-
+- if (strv_length(a) == 2 && streq(a[1], "InputClass"))
+- in_section = true;
+-
+- } else if (in_section && first_word(l, "EndSection"))
+- in_section = false;
+- }
++ if (r < 0)
++ return r;
+
+ return 0;
+ }
+@@ -296,9 +252,18 @@ int locale_write_data(Context *c, char ***settings) {
+ _cleanup_strv_free_ char **l = NULL;
+ struct stat st;
+ int r, p;
++ const char *path = "/etc/locale.conf";
+
+ /* Set values will be returned as strv in *settings on success. */
+
++ r = load_env_file(NULL, path, &l);
++ if (r < 0 && r == -ENOENT) {
++ path = "/etc/default/locale";
++ r = load_env_file(NULL, path, &l);
++ }
++ if (r < 0 && r != -ENOENT)
++ return r;
++
+ for (p = 0; p < _VARIABLE_LC_MAX; p++) {
+ _cleanup_free_ char *t = NULL;
+ char **u;
+@@ -321,20 +286,20 @@ int locale_write_data(Context *c, char ***settings) {
+ }
+
+ if (strv_isempty(l)) {
+- if (unlink("/etc/locale.conf") < 0)
++ if (unlink(path) < 0)
+ return errno == ENOENT ? 0 : -errno;
+
+ c->locale_mtime = USEC_INFINITY;
+ return 0;
+ }
+
+- r = write_env_file_label("/etc/locale.conf", l);
++ r = write_env_file_label(path, l);
+ if (r < 0)
+ return r;
+
+ *settings = TAKE_PTR(l);
+
+- if (stat("/etc/locale.conf", &st) >= 0)
++ if (stat(path, &st) >= 0)
+ c->locale_mtime = timespec_load(&st.st_mtim);
+
+ return 0;
+@@ -402,70 +367,104 @@ int vconsole_write_data(Context *c) {
+ }
+
+ int x11_write_data(Context *c) {
+- _cleanup_fclose_ FILE *f = NULL;
+- _cleanup_free_ char *temp_path = NULL;
+ struct stat st;
+ int r;
++ char *t, **u, **l = NULL;
+
+- if (isempty(c->x11_layout) &&
+- isempty(c->x11_model) &&
+- isempty(c->x11_variant) &&
+- isempty(c->x11_options)) {
++ r = load_env_file(NULL, "/etc/default/keyboard", &l);
++ if (r < 0 && r != -ENOENT)
++ return r;
+
+- if (unlink("/etc/X11/xorg.conf.d/00-keyboard.conf") < 0)
+- return errno == ENOENT ? 0 : -errno;
++ /* This could perhaps be done more elegantly using an array
++ * like we do for the locale, instead of struct
++ */
++ if (isempty(c->x11_layout)) {
++ l = strv_env_unset(l, "XKBLAYOUT");
++ } else {
++ if (asprintf(&t, "XKBLAYOUT=%s", c->x11_layout) < 0) {
++ strv_free(l);
++ return -ENOMEM;
++ }
+
+- c->vc_mtime = USEC_INFINITY;
+- return 0;
++ u = strv_env_set(l, t);
++ free(t);
++ strv_free(l);
++
++ if (!u)
++ return -ENOMEM;
++
++ l = u;
+ }
+
+- mkdir_p_label("/etc/X11/xorg.conf.d", 0755);
++ if (isempty(c->x11_model)) {
++ l = strv_env_unset(l, "XKBMODEL");
++ } else {
++ if (asprintf(&t, "XKBMODEL=%s", c->x11_model) < 0) {
++ strv_free(l);
++ return -ENOMEM;
++ }
++
++ u = strv_env_set(l, t);
++ free(t);
++ strv_free(l);
+
+- r = fopen_temporary("/etc/X11/xorg.conf.d/00-keyboard.conf", &f, &temp_path);
+- if (r < 0)
+- return r;
++ if (!u)
++ return -ENOMEM;
+
+- (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
+- (void) fchmod(fileno(f), 0644);
++ l = u;
++ }
+
+- fputs("# Written by systemd-localed(8), read by systemd-localed and Xorg. It's\n"
+- "# probably wise not to edit this file manually. Use localectl(1) to\n"
+- "# instruct systemd-localed to update it.\n"
+- "Section \"InputClass\"\n"
+- " Identifier \"system-keyboard\"\n"
+- " MatchIsKeyboard \"on\"\n", f);
++ if (isempty(c->x11_variant)) {
++ l = strv_env_unset(l, "XKBVARIANT");
++ } else {
++ if (asprintf(&t, "XKBVARIANT=%s", c->x11_variant) < 0) {
++ strv_free(l);
++ return -ENOMEM;
++ }
+
+- if (!isempty(c->x11_layout))
+- fprintf(f, " Option \"XkbLayout\" \"%s\"\n", c->x11_layout);
++ u = strv_env_set(l, t);
++ free(t);
++ strv_free(l);
+
+- if (!isempty(c->x11_model))
+- fprintf(f, " Option \"XkbModel\" \"%s\"\n", c->x11_model);
++ if (!u)
++ return -ENOMEM;
+
+- if (!isempty(c->x11_variant))
+- fprintf(f, " Option \"XkbVariant\" \"%s\"\n", c->x11_variant);
++ l = u;
++ }
+
+- if (!isempty(c->x11_options))
+- fprintf(f, " Option \"XkbOptions\" \"%s\"\n", c->x11_options);
++ if (isempty(c->x11_options)) {
++ l = strv_env_unset(l, "XKBOPTIONS");
++ } else {
++ if (asprintf(&t, "XKBOPTIONS=%s", c->x11_options) < 0) {
++ strv_free(l);
++ return -ENOMEM;
++ }
+
+- fputs("EndSection\n", f);
++ u = strv_env_set(l, t);
++ free(t);
++ strv_free(l);
+
+- r = fflush_sync_and_check(f);
+- if (r < 0)
+- goto fail;
++ if (!u)
++ return -ENOMEM;
+
+- if (rename(temp_path, "/etc/X11/xorg.conf.d/00-keyboard.conf") < 0) {
+- r = -errno;
+- goto fail;
++ l = u;
+ }
+
+- if (stat("/etc/X11/xorg.conf.d/00-keyboard.conf", &st) >= 0)
+- c->x11_mtime = timespec_load(&st.st_mtim);
++ if (strv_isempty(l)) {
++ strv_free(l);
+
+- return 0;
++ if (unlink("/etc/default/keyboard") < 0)
++ return errno == ENOENT ? 0 : -errno;
+
+-fail:
+- if (temp_path)
+- (void) unlink(temp_path);
++ c->vc_mtime = USEC_INFINITY;
++ return 0;
++ }
++
++ r = write_env_file("/etc/default/keyboard", l);
++ strv_free(l);
++
++ if (r >= 0 && stat("/etc/default/keyboard", &st) >= 0)
++ c->x11_mtime = timespec_load(&st.st_mtim);
+
+ return r;
+ }
+diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c
+index e168889..7485f2b 100644
+--- a/src/timedate/timedated.c
++++ b/src/timedate/timedated.c
+@@ -215,6 +215,7 @@ static int context_read_data(Context *c) {
+ static int context_write_data_timezone(Context *c) {
+ _cleanup_free_ char *p = NULL;
+ int r = 0;
++ struct stat st;
+
+ assert(c);
+
+@@ -222,6 +223,9 @@ static int context_write_data_timezone(Context *c) {
+ if (unlink("/etc/localtime") < 0 && errno != ENOENT)
+ r = -errno;
+
++ if (unlink("/etc/timezone") < 0 && errno != ENOENT)
++ r = -errno;
++
+ return r;
+ }
+
+@@ -233,6 +237,12 @@ static int context_write_data_timezone(Context *c) {
+ if (r < 0)
+ return r;
+
++ if (stat("/etc/timezone", &st) == 0 && S_ISREG(st.st_mode)) {
++ r = write_string_file("/etc/timezone", c->zone, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC);
++ if (r < 0)
++ return r;
++ }
++
+ return 0;
+ }
+
diff --git a/debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch b/debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch
new file mode 100644
index 0000000000000000000000000000000000000000..8f9418378075e6c38d827a7fcfda58195f95bb74
--- /dev/null
+++ b/debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch
@@ -0,0 +1,1055 @@
+From: Didier Roche <didrocks@ubuntu.com>
+Date: Fri, 22 May 2015 13:04:38 +0200
+Subject: fsckd daemon for inter-fsckd communication
+
+Global logic:
+Add systemd-fsckd multiplexer which accepts multiple (via systemd-fsck's
+/run/systemd/fsck.progress socket) fsck instances to connect to it and sends
+progress report. systemd-fsckd then computes and writes to /dev/console the
+number of devices currently being checked and the minimum fsck progress.
+
+Plymouth and user interaction:
+Forward the progress to plymouth and support canellation of in progress fsck.
+Try to connect and send to plymouth (if running) some checked report progress,
+using direct plymouth protocole.
+
+Update message is the following:
+fsckd:<num_devices>:<progress>:<string>
+* num_devices corresponds to the current number of devices being checked (int)
+* progress corresponds to the current minimum percentage of all devices being
+ checked (float, from 0 to 100)
+* string is a translated message ready to be displayed by the plymouth theme
+ displaying the information above. It can be overridden by plymouth themes
+ supporting i18n.
+
+Grab in fsckd plymouth watch key Control+C, and propagate this cancel request
+to systemd-fsck which will terminate fsck.
+
+Send a message to signal to user what key we are grabbing for fsck cancel.
+
+Message is: fsckd-cancel-msg:<string>
+Where string is a translated string ready to be displayed by the plymouth theme
+indicating that Control+C can be used to cancel current checks. It can be
+overridden (matching only fsckd-cancel-msg prefix) for themes supporting i18n.
+
+Misc:
+systemd-fsckd stops on idle when no fsck is connected.
+Add man page explaining the plymouth theme protocol, usage of the daemon
+as well as the socket activation part. Adapt existing fsck man page.
+
+Note that fsckd had lived in the upstream tree for a while, but was removed.
+More information at
+http://lists.freedesktop.org/archives/systemd-devel/2015-April/030175.html
+-
+---
+ man/rules/meson.build | 1 +
+ man/systemd-fsckd.service.xml | 162 +++++++++
+ meson.build | 8 +
+ po/POTFILES.in | 1 +
+ src/fsckd/fsckd.c | 690 +++++++++++++++++++++++++++++++++++++
+ units/meson.build | 2 +
+ units/systemd-fsck-root.service.in | 2 +
+ units/systemd-fsck@.service.in | 3 +-
+ units/systemd-fsckd.service.in | 17 +
+ units/systemd-fsckd.socket | 15 +
+ 10 files changed, 900 insertions(+), 1 deletion(-)
+ create mode 100644 man/systemd-fsckd.service.xml
+ create mode 100644 src/fsckd/fsckd.c
+ create mode 100644 units/systemd-fsckd.service.in
+ create mode 100644 units/systemd-fsckd.socket
+
+diff --git a/man/rules/meson.build b/man/rules/meson.build
+index 0c990a0..dff5d2f 100644
+--- a/man/rules/meson.build
++++ b/man/rules/meson.build
+@@ -657,6 +657,7 @@ manpages = [
+ '8',
+ ['systemd-fsck', 'systemd-fsck-root.service'],
+ ''],
++ ['systemd-fsckd.service', '8', ['systemd-fsckd.socket', 'systemd-fsckd'], ''],
+ ['systemd-fstab-generator', '8', [], ''],
+ ['systemd-getty-generator', '8', [], ''],
+ ['systemd-gpt-auto-generator', '8', [], ''],
+diff --git a/man/systemd-fsckd.service.xml b/man/systemd-fsckd.service.xml
+new file mode 100644
+index 0000000..b7ad58d
+--- /dev/null
++++ b/man/systemd-fsckd.service.xml
+@@ -0,0 +1,162 @@
++<?xml version="1.0"?>
++<!--*-nxml-*-->
++<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
++<!--
++ This file is part of systemd.
++
++ Copyright 2015 Canonical
++
++ systemd is free software; you can redistribute it and/or modify it
++ under the terms of the GNU Lesser General Public License as published by
++ the Free Software Foundation; either version 2.1 of the License, or
++ (at your option) any later version.
++
++ systemd is distributed in the hope that it will be useful, but
++ WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public License
++ along with systemd; If not, see <http://www.gnu.org/licenses/>.
++-->
++<refentry id="systemd-fsckd.service" xmlns:xi="http://www.w3.org/2001/XInclude">
++
++ <refentryinfo>
++ <title>systemd-fsckd.service</title>
++ <productname>systemd</productname>
++
++ <authorgroup>
++ <author>
++ <contrib>Developer</contrib>
++ <firstname>Didier</firstname>
++ <surname>Roche</surname>
++ <email>didrocks@ubuntu.com</email>
++ </author>
++ </authorgroup>
++ </refentryinfo>
++
++ <refmeta>
++ <refentrytitle>systemd-fsckd.service</refentrytitle>
++ <manvolnum>8</manvolnum>
++ </refmeta>
++
++ <refnamediv>
++ <refname>systemd-fsckd.service</refname>
++ <refname>systemd-fsckd.socket</refname>
++ <refname>systemd-fsckd</refname>
++ <refpurpose>File system check progress reporting</refpurpose>
++ </refnamediv>
++
++ <refsynopsisdiv>
++ <para><filename>systemd-fsckd.service</filename></para>
++ <para><filename>systemd-fsckd.socket</filename></para>
++ <para><filename>/usr/lib/systemd/systemd-fsckd</filename></para>
++ </refsynopsisdiv>
++
++ <refsect1>
++ <title>Description</title>
++
++ <para><filename>systemd-fsckd.service</filename> is a service responsible
++ for receiving file system check progress, and communicating some
++ consolidated data to console and plymouth (if running). It also handles
++ possible check cancellations.</para>
++
++ <para><command>systemd-fsckd</command> receives messages about file
++ system check progress from <command>fsck</command> through an
++ UNIX domain socket. It can display the progress of the least advanced
++ fsck as well as the total number of devices being checked in parallel
++ to the console. It will also send progress messages to plymouth.
++ Both the raw data and translated messages are sent, so compiled
++ plymouth themes can use the raw data to display custom messages, and
++ scripted themes, not supporting i18n, can display the translated
++ versions.</para>
++
++ <para><command>systemd-fsckd</command> will instruct plymouth to grab
++ Control+C keypresses. When the key is pressed, running checks will be
++ terminated. It will also cancel any newly connected fsck instances for
++ the lifetime of <filename>systemd-fsckd</filename>.</para>
++ </refsect1>
++
++ <refsect1>
++ <title>Protocol for communication with plymouth</title>
++
++ <para><filename>systemd-fsckd</filename> passes the
++ following messages to the theme:</para>
++
++ <para>Progress update, sent as a plymouth update message:
++ <literal>fsckd:<num_devices>:<progress>:<string></literal>
++ <variablelist>
++ <varlistentry>
++ <term><literal><num_devices></literal></term>
++ <listitem><para>the current number of devices
++ being checked (int)</para></listitem>
++ </varlistentry>
++ <varlistentry>
++ <term><literal><progress></literal></term>
++ <listitem><para>the current minimum percentage of
++ all devices being checking (float, from 0 to 100)</para></listitem>
++ </varlistentry>
++ <varlistentry>
++ <term><literal><string></literal></term>
++ <listitem><para>a translated message ready to be displayed
++ by the plymouth theme displaying the data above. It can be overridden
++ by themes supporting i18n.</para></listitem>
++ </varlistentry>
++ </variablelist>
++ </para>
++
++ <para>Cancel message, sent as a traditional plymouth message:
++ <literal>fsckd-cancel-msg:<string></literal>
++ <variablelist>
++ <varlistentry>
++ <term><literal><strings></literal></term>
++ <listitem><para>a translated string ready to be displayed
++ by the plymouth theme indicating that Control+C can be used to cancel
++ current checks. It can be overridden (matching only
++ <literal>fsckd-cancel-msg</literal> prefix)
++ by themes supporting i18n.</para></listitem>
++ </varlistentry>
++ </variablelist>
++ </para>
++ </refsect1>
++
++ <refsect1>
++ <title>Options</title>
++
++ <para>The following options are understood:</para>
++
++ <variablelist>
++ <xi:include href="standard-options.xml" xpointer="help" />
++ <xi:include href="standard-options.xml" xpointer="version" />
++ </variablelist>
++
++ </refsect1>
++
++ <refsect1>
++ <title>Exit status</title>
++
++ <para>On success, 0 is returned, a non-zero failure
++ code otherwise. Note that the daemon stays idle for
++ a while to accept new <filename>fsck</filename>
++ connections before exiting.</para>
++ </refsect1>
++
++ <refsect1>
++ <title>See Also</title>
++ <para>
++ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
++ <citerefentry><refentrytitle>systemd-fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry><refentrytitle>systemd-quotacheck.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck.btrfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck.cramfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck.ext4</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck.fat</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck.hfsplus</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck.minix</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck.ntfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck.xfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>
++ </para>
++ </refsect1>
++
++</refentry>
+diff --git a/meson.build b/meson.build
+index e6b28e1..a87bb57 100644
+--- a/meson.build
++++ b/meson.build
+@@ -2372,6 +2372,14 @@ executable('systemd-makefs',
+ install : true,
+ install_dir : rootlibexecdir)
+
++executable('systemd-fsckd',
++ 'src/fsckd/fsckd.c',
++ include_directories : includes,
++ link_with : [libshared],
++ install_rpath : rootlibexecdir,
++ install : true,
++ install_dir : rootlibexecdir)
++
+ executable('systemd-sleep',
+ 'src/sleep/sleep.c',
+ include_directories : includes,
+diff --git a/po/POTFILES.in b/po/POTFILES.in
+index 029261c..d709ddb 100644
+--- a/po/POTFILES.in
++++ b/po/POTFILES.in
+@@ -8,3 +8,4 @@ src/portable/org.freedesktop.portable1.policy
+ src/resolve/org.freedesktop.resolve1.policy
+ src/timedate/org.freedesktop.timedate1.policy
+ src/core/dbus-unit.c
++src/fsckd/fsckd.c
+diff --git a/src/fsckd/fsckd.c b/src/fsckd/fsckd.c
+new file mode 100644
+index 0000000..d48e53a
+--- /dev/null
++++ b/src/fsckd/fsckd.c
+@@ -0,0 +1,690 @@
++/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
++
++/***
++ This file is part of systemd.
++
++ Copyright 2015 Canonical
++
++ Author:
++ Didier Roche <didrocks@ubuntu.com>
++
++ systemd is free software; you can redistribute it and/or modify it
++ under the terms of the GNU Lesser General Public License as published by
++ the Free Software Foundation; either version 2.1 of the License, or
++ (at your option) any later version.
++
++ systemd is distributed in the hope that it will be useful, but
++ WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public License
++ along with systemd; If not, see <http://www.gnu.org/licenses/>.
++***/
++
++#include <getopt.h>
++#include <errno.h>
++#include <libintl.h>
++#include <math.h>
++#include <stdbool.h>
++#include <stdlib.h>
++#include <stdio.h>
++#include <sys/socket.h>
++#include <sys/types.h>
++#include <sys/un.h>
++#include <unistd.h>
++
++#include "sd-daemon.h"
++#include "build.h"
++#include "def.h"
++#include "sd-event.h"
++#include "log.h"
++#include "list.h"
++#include "macro.h"
++#include "socket-util.h"
++#include "fd-util.h"
++#include "string-util.h"
++#include "io-util.h"
++#include "util.h"
++#include "alloc-util.h"
++#include "locale-util.h"
++
++#define FSCKD_SOCKET_PATH "/run/systemd/fsck.progress"
++#define IDLE_TIME_SECONDS 30
++#define PLYMOUTH_REQUEST_KEY "K\2\2\3"
++#define CLIENTS_MAX 128
++
++struct Manager;
++
++typedef struct Client {
++ struct Manager *manager;
++ char *device_name;
++ /* device id refers to "fd <fd>" until it gets a name as "device_name" */
++ char *device_id;
++
++ pid_t fsck_pid;
++ FILE *fsck_f;
++
++ size_t cur;
++ size_t max;
++ int pass;
++
++ double percent;
++
++ bool cancelled;
++ bool bad_input;
++
++ sd_event_source *event_source;
++
++ LIST_FIELDS(struct Client, clients);
++} Client;
++
++typedef struct Manager {
++ sd_event *event;
++
++ LIST_HEAD(Client, clients);
++ unsigned n_clients;
++
++ size_t clear;
++
++ int connection_fd;
++ sd_event_source *connection_event_source;
++
++ bool show_status_console;
++
++ double percent;
++ int numdevices;
++
++ int plymouth_fd;
++ sd_event_source *plymouth_event_source;
++ bool plymouth_cancel_sent;
++
++ bool cancel_requested;
++} Manager;
++
++static void client_free(Client *c);
++static void manager_free(Manager *m);
++
++DEFINE_TRIVIAL_CLEANUP_FUNC(Client*, client_free);
++DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free);
++
++static int manager_write_console(Manager *m, const char *message) {
++ _cleanup_fclose_ FILE *console = NULL;
++ int l;
++ size_t j;
++
++ assert(m);
++
++ if (!m->show_status_console)
++ return 0;
++
++ /* Reduce the SAK window by opening and closing console on every request */
++ console = fopen("/dev/console", "we");
++ if (!console)
++ return -errno;
++
++ if (message) {
++ fprintf(console, "\r%s\r%n", message, &l);
++ if (m->clear < (size_t)l)
++ m->clear = (size_t)l;
++ } else {
++ fputc('\r', console);
++ for (j = 0; j < m->clear; j++)
++ fputc(' ', console);
++ fputc('\r', console);
++ }
++ fflush(console);
++
++ return 0;
++}
++
++static double compute_percent(int pass, size_t cur, size_t max) {
++ /* Values stolen from e2fsck */
++
++ static const double pass_table[] = {
++ 0, 70, 90, 92, 95, 100
++ };
++
++ if (pass <= 0)
++ return 0.0;
++
++ if ((unsigned) pass >= ELEMENTSOF(pass_table) || max == 0)
++ return 100.0;
++
++ return pass_table[pass-1] +
++ (pass_table[pass] - pass_table[pass-1]) *
++ (double) cur / max;
++}
++
++static int client_request_cancel(Client *c) {
++ assert(c);
++
++ if (c->cancelled)
++ return 0;
++
++ log_info("Request to cancel fsck for %s from fsckd", c->device_id);
++ if (kill(c->fsck_pid, SIGTERM) < 0) {
++ /* ignore the error and consider that cancel was sent if fsck just exited */
++ if (errno != ESRCH)
++ return log_error_errno(errno, "Cannot send cancel to fsck for %s: %m", c->device_id);
++ }
++
++ c->cancelled = true;
++ return 1;
++}
++
++static void client_free(Client *c) {
++ assert(c);
++
++ if (c->manager) {
++ LIST_REMOVE(clients, c->manager->clients, c);
++ c->manager->n_clients--;
++ }
++
++ sd_event_source_unref(c->event_source);
++ fclose(c->fsck_f);
++ if (c->device_name)
++ free(c->device_name);
++ if (c->device_id)
++ free(c->device_id);
++ free(c);
++}
++
++static void manager_disconnect_plymouth(Manager *m) {
++ assert(m);
++
++ m->plymouth_event_source = sd_event_source_unref(m->plymouth_event_source);
++ m->plymouth_fd = safe_close(m->plymouth_fd);
++ m->plymouth_cancel_sent = false;
++}
++
++static int manager_plymouth_feedback_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
++ Manager *m = userdata;
++ Client *current;
++ char buffer[6];
++ ssize_t l;
++
++ assert(m);
++
++ l = read(m->plymouth_fd, buffer, sizeof(buffer));
++ if (l < 0) {
++ log_warning_errno(errno, "Got error while reading from plymouth: %m");
++ manager_disconnect_plymouth(m);
++ return -errno;
++ }
++ if (l == 0) {
++ manager_disconnect_plymouth(m);
++ return 0;
++ }
++
++ if (l > 1 && buffer[0] == '\15')
++ log_error("Message update to plymouth wasn't delivered successfully");
++
++ /* the only answer support type we requested is a key interruption */
++ if (l > 2 && buffer[0] == '\2' && buffer[5] == '\3') {
++ m->cancel_requested = true;
++
++ /* cancel all connected clients */
++ LIST_FOREACH(clients, current, m->clients)
++ client_request_cancel(current);
++ }
++
++ return 0;
++}
++
++static int manager_connect_plymouth(Manager *m) {
++ union sockaddr_union sa = PLYMOUTH_SOCKET;
++ int r;
++
++ if (!plymouth_running())
++ return 0;
++
++ /* try to connect or reconnect if sending a message */
++ if (m->plymouth_fd >= 0)
++ return 1;
++
++ m->plymouth_fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
++ if (m->plymouth_fd < 0)
++ return log_warning_errno(errno, "Connection to plymouth socket failed: %m");
++
++ if (connect(m->plymouth_fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + 1 + strlen(sa.un.sun_path+1)) < 0) {
++ r = log_warning_errno(errno, "Couldn't connect to plymouth: %m");
++ goto fail;
++ }
++
++ r = sd_event_add_io(m->event, &m->plymouth_event_source, m->plymouth_fd, EPOLLIN, manager_plymouth_feedback_handler, m);
++ if (r < 0) {
++ log_warning_errno(r, "Can't listen to plymouth socket: %m");
++ goto fail;
++ }
++
++ return 1;
++
++fail:
++ manager_disconnect_plymouth(m);
++ return r;
++}
++
++static int plymouth_send_message(int plymouth_fd, const char *message, bool update) {
++ _cleanup_free_ char *packet = NULL;
++ int n;
++ char mode = 'M';
++
++ if (update)
++ mode = 'U';
++
++ if (asprintf(&packet, "%c\002%c%s%n", mode, (int) (strlen(message) + 1), message, &n) < 0)
++ return log_oom();
++
++ return loop_write(plymouth_fd, packet, n + 1, true);
++}
++
++static int manager_send_plymouth_message(Manager *m, const char *message) {
++ const char *plymouth_cancel_message = NULL, *l10n_cancel_message = NULL;
++ int r;
++
++ r = manager_connect_plymouth(m);
++ if (r < 0)
++ return r;
++ /* 0 means that plymouth isn't running, do not send any message yet */
++ else if (r == 0)
++ return 0;
++
++ if (!m->plymouth_cancel_sent) {
++
++ /* Indicate to plymouth that we listen to Ctrl+C */
++ r = loop_write(m->plymouth_fd, PLYMOUTH_REQUEST_KEY, sizeof(PLYMOUTH_REQUEST_KEY), true);
++ if (r < 0)
++ return log_warning_errno(r, "Can't send to plymouth cancel key: %m");
++
++ m->plymouth_cancel_sent = true;
++
++ l10n_cancel_message = _("Press Ctrl+C to cancel all filesystem checks in progress");
++ plymouth_cancel_message = strjoina("fsckd-cancel-msg:", l10n_cancel_message);
++
++ r = plymouth_send_message(m->plymouth_fd, plymouth_cancel_message, false);
++ if (r < 0)
++ log_warning_errno(r, "Can't send filesystem cancel message to plymouth: %m");
++
++ } else if (m->numdevices == 0) {
++
++ m->plymouth_cancel_sent = false;
++
++ r = plymouth_send_message(m->plymouth_fd, "", false);
++ if (r < 0)
++ log_warning_errno(r, "Can't clear plymouth filesystem cancel message: %m");
++ }
++
++ r = plymouth_send_message(m->plymouth_fd, message, true);
++ if (r < 0)
++ return log_warning_errno(r, "Couldn't send \"%s\" to plymouth: %m", message);
++
++ return 0;
++}
++
++static int manager_update_global_progress(Manager *m) {
++ Client *current = NULL;
++ _cleanup_free_ char *console_message = NULL;
++ _cleanup_free_ char *fsck_message = NULL;
++ int current_numdevices = 0, r;
++ double current_percent = 100;
++
++ /* get the overall percentage */
++ LIST_FOREACH(clients, current, m->clients) {
++ current_numdevices++;
++
++ /* right now, we only keep the minimum % of all fsckd processes. We could in the future trying to be
++ linear, but max changes and corresponds to the pass. We have all the informations into fsckd
++ already if we can treat that in a smarter way. */
++ current_percent = MIN(current_percent, current->percent);
++ }
++
++ /* update if there is anything user-visible to update */
++ if (fabs(current_percent - m->percent) > 0.001 || current_numdevices != m->numdevices) {
++ m->numdevices = current_numdevices;
++ m->percent = current_percent;
++
++ if (asprintf(&console_message,
++ ngettext("Checking in progress on %d disk (%3.1f%% complete)",
++ "Checking in progress on %d disks (%3.1f%% complete)", m->numdevices),
++ m->numdevices, m->percent) < 0)
++ return -ENOMEM;
++
++ if (asprintf(&fsck_message, "fsckd:%d:%3.1f:%s", m->numdevices, m->percent, console_message) < 0)
++ return -ENOMEM;
++
++ r = manager_write_console(m, console_message);
++ if (r < 0)
++ return r;
++
++ /* try to connect to plymouth and send message */
++ r = manager_send_plymouth_message(m, fsck_message);
++ if (r < 0)
++ return r;
++ }
++ return 0;
++}
++
++static int client_progress_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
++ Client *client = userdata;
++ char line[LINE_MAX];
++ Manager *m;
++
++ assert(client);
++ m = client->manager;
++
++ /* check first if we need to cancel this client */
++ if (m->cancel_requested)
++ client_request_cancel(client);
++
++ while (fgets(line, sizeof(line), client->fsck_f) != NULL) {
++ int pass;
++ size_t cur, max;
++ _cleanup_free_ char *device = NULL, *old_device_id = NULL;
++
++ if (sscanf(line, "%i %zu %zu %ms", &pass, &cur, &max, &device) == 4) {
++ if (!client->device_name) {
++ client->device_name = strdup(device);
++ if (!client->device_name) {
++ log_oom();
++ continue;
++ }
++ old_device_id = client->device_id;
++ client->device_id = strdup(device);
++ if (!client->device_id) {
++ log_oom();
++ client->device_id = old_device_id;
++ old_device_id = NULL;
++ continue;
++ }
++ }
++ client->pass = pass;
++ client->cur = cur;
++ client->max = max;
++ client->bad_input = false;
++ client->percent = compute_percent(client->pass, client->cur, client->max);
++ log_debug("Getting progress for %s (%zu, %zu, %d) : %3.1f%%", client->device_id,
++ client->cur, client->max, client->pass, client->percent);
++ } else {
++ if (errno == ENOMEM) {
++ log_oom();
++ continue;
++ }
++
++ /* if previous input was already garbage, kick it off from progress report */
++ if (client->bad_input) {
++ log_warning("Closing connection on incorrect input of fsck connection for %s", client->device_id);
++ client_free(client);
++ manager_update_global_progress(m);
++ return 0;
++ }
++ client->bad_input = true;
++ }
++
++ }
++
++ if (feof(client->fsck_f)) {
++ log_debug("Fsck client %s disconnected", client->device_id);
++ client_free(client);
++ }
++
++ manager_update_global_progress(m);
++ return 0;
++}
++
++static int manager_new_connection_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
++ _cleanup_(client_freep) Client *c = NULL;
++ _cleanup_close_ int new_fsck_fd = -1;
++ _cleanup_fclose_ FILE *new_fsck_f = NULL;
++ struct ucred ucred = {};
++ Manager *m = userdata;
++ int r;
++
++ assert(m);
++
++ /* Initialize and list new clients */
++ new_fsck_fd = accept4(m->connection_fd, NULL, NULL, SOCK_CLOEXEC|SOCK_NONBLOCK);
++ if (new_fsck_fd < 0) {
++ log_error_errno(errno, "Couldn't accept a new connection: %m");
++ return 0;
++ }
++
++ if (m->n_clients >= CLIENTS_MAX) {
++ log_error("Too many clients, refusing connection.");
++ return 0;
++ }
++
++
++ new_fsck_f = fdopen(new_fsck_fd, "r");
++ if (!new_fsck_f) {
++ log_error_errno(errno, "Couldn't fdopen new connection for fd %d: %m", new_fsck_fd);
++ return 0;
++ }
++ new_fsck_fd = -1;
++
++ r = getpeercred(fileno(new_fsck_f), &ucred);
++ if (r < 0) {
++ log_error_errno(r, "Couldn't get credentials for fsck: %m");
++ return 0;
++ }
++
++ c = new0(Client, 1);
++ if (!c) {
++ log_oom();
++ return 0;
++ }
++
++ c->fsck_pid = ucred.pid;
++ c->fsck_f = new_fsck_f;
++ new_fsck_f = NULL;
++
++ if (asprintf(&(c->device_id), "fd %d", fileno(c->fsck_f)) < 0) {
++ log_oom();
++ return 0;
++ }
++
++ r = sd_event_add_io(m->event, &c->event_source, fileno(c->fsck_f), EPOLLIN, client_progress_handler, c);
++ if (r < 0) {
++ log_oom();
++ return 0;
++ }
++
++ LIST_PREPEND(clients, m->clients, c);
++ m->n_clients++;
++ c->manager = m;
++
++ log_debug("New fsck client connected: %s", c->device_id);
++
++ /* only request the client to cancel now in case the request is dropped by the client (chance to recancel) */
++ if (m->cancel_requested)
++ client_request_cancel(c);
++
++ c = NULL;
++ return 0;
++}
++
++static void manager_free(Manager *m) {
++ if (!m)
++ return;
++
++ /* clear last line */
++ manager_write_console(m, NULL);
++
++ sd_event_source_unref(m->connection_event_source);
++ safe_close(m->connection_fd);
++
++ while (m->clients)
++ client_free(m->clients);
++
++ manager_disconnect_plymouth(m);
++
++ sd_event_unref(m->event);
++
++ free(m);
++}
++
++static int manager_new(Manager **ret, int fd) {
++ _cleanup_(manager_freep) Manager *m = NULL;
++ int r;
++
++ assert(ret);
++
++ m = new0(Manager, 1);
++ if (!m)
++ return -ENOMEM;
++
++ m->plymouth_fd = -1;
++ m->connection_fd = fd;
++ m->percent = 100;
++
++ r = sd_event_default(&m->event);
++ if (r < 0)
++ return r;
++
++ if (access("/run/systemd/show-status", F_OK) >= 0)
++ m->show_status_console = true;
++
++ r = sd_event_add_io(m->event, &m->connection_event_source, fd, EPOLLIN, manager_new_connection_handler, m);
++ if (r < 0)
++ return r;
++
++ *ret = m;
++ m = NULL;
++
++ return 0;
++}
++
++static int run_event_loop_with_timeout(Manager *m, usec_t timeout) {
++ int r, code;
++ sd_event *e = m->event;
++
++ assert(e);
++
++ for (;;) {
++ r = sd_event_get_state(e);
++ if (r < 0)
++ return r;
++ if (r == SD_EVENT_FINISHED)
++ break;
++
++ r = sd_event_run(e, timeout);
++ if (r < 0)
++ return r;
++
++ /* Exit if we reached the idle timeout and no more clients are
++ connected. If there is still an fsck process running but
++ simply slow to send us progress updates, exiting would mean
++ that this fsck process receives SIGPIPE resulting in an
++ aborted file system check. */
++ if (r == 0 && m->n_clients == 0) {
++ sd_event_exit(e, 0);
++ break;
++ }
++ }
++
++ r = sd_event_get_exit_code(e, &code);
++ if (r < 0)
++ return r;
++
++ return code;
++}
++
++static void help(void) {
++ printf("%s [OPTIONS...]\n\n"
++ "Capture fsck progress and forward one stream to plymouth\n\n"
++ " -h --help Show this help\n"
++ " --version Show package version\n",
++ program_invocation_short_name);
++}
++
++static int parse_argv(int argc, char *argv[]) {
++
++ enum {
++ ARG_VERSION = 0x100,
++ ARG_ROOT,
++ };
++
++ static const struct option options[] = {
++ { "help", no_argument, NULL, 'h' },
++ { "version", no_argument, NULL, ARG_VERSION },
++ {}
++ };
++
++ int c;
++
++ assert(argc >= 0);
++ assert(argv);
++
++ while ((c = getopt_long(argc, argv, "hv", options, NULL)) >= 0)
++ switch (c) {
++
++ case 'h':
++ help();
++ return 0;
++
++ case ARG_VERSION:
++ puts(PACKAGE_STRING);
++ puts(SYSTEMD_FEATURES);
++ return 0;
++
++ case '?':
++ return -EINVAL;
++
++ default:
++ assert_not_reached("Unhandled option");
++ }
++
++ if (optind < argc) {
++ log_error("Extraneous arguments");
++ return -EINVAL;
++ }
++
++ return 1;
++}
++
++int main(int argc, char *argv[]) {
++ _cleanup_(manager_freep) Manager *m = NULL;
++ int fd = -1;
++ int r, n;
++
++ log_set_target(LOG_TARGET_AUTO);
++ log_parse_environment();
++ log_open();
++ init_gettext();
++
++ r = parse_argv(argc, argv);
++ if (r <= 0)
++ goto finish;
++
++ n = sd_listen_fds(0);
++ if (n > 1) {
++ log_error("Too many file descriptors received.");
++ r = -EINVAL;
++ goto finish;
++ } else if (n == 1)
++ fd = SD_LISTEN_FDS_START + 0;
++ else {
++ fd = make_socket_fd(LOG_DEBUG, FSCKD_SOCKET_PATH, SOCK_STREAM, SOCK_CLOEXEC);
++ if (fd < 0) {
++ r = log_error_errno(fd, "Couldn't create listening socket fd on %s: %m", FSCKD_SOCKET_PATH);
++ goto finish;
++ }
++ }
++
++ r = manager_new(&m, fd);
++ if (r < 0) {
++ log_error_errno(r, "Failed to allocate manager: %m");
++ goto finish;
++ }
++
++ r = run_event_loop_with_timeout(m, IDLE_TIME_SECONDS * USEC_PER_SEC);
++ if (r < 0) {
++ log_error_errno(r, "Failed to run event loop: %m");
++ goto finish;
++ }
++
++ sd_event_get_exit_code(m->event, &r);
++
++finish:
++ return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
++}
+diff --git a/units/meson.build b/units/meson.build
+index d695084..ab489b3 100644
+--- a/units/meson.build
++++ b/units/meson.build
+@@ -87,6 +87,7 @@ units = [
+ ['systemd-coredump.socket', 'ENABLE_COREDUMP',
+ 'sockets.target.wants/'],
+ ['systemd-exit.service', ''],
++ ['systemd-fsckd.socket', ''],
+ ['systemd-initctl.socket', '',
+ 'sockets.target.wants/'],
+ ['systemd-journal-gatewayd.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'],
+@@ -143,6 +144,7 @@ in_units = [
+ 'sysinit.target.wants/'],
+ ['systemd-fsck-root.service', ''],
+ ['systemd-fsck@.service', ''],
++ ['systemd-fsckd.service', ''],
+ ['systemd-halt.service', ''],
+ ['systemd-hibernate-resume@.service', 'ENABLE_HIBERNATE'],
+ ['systemd-hibernate.service', 'ENABLE_HIBERNATE'],
+diff --git a/units/systemd-fsck-root.service.in b/units/systemd-fsck-root.service.in
+index 042081c..bea6c16 100644
+--- a/units/systemd-fsck-root.service.in
++++ b/units/systemd-fsck-root.service.in
+@@ -13,6 +13,8 @@ Documentation=man:systemd-fsck-root.service(8)
+ DefaultDependencies=no
+ Conflicts=shutdown.target
+ Before=local-fs.target shutdown.target
++Wants=systemd-fsckd.socket
++After=systemd-fsckd.socket
+ ConditionPathIsReadWrite=!/
+
+ [Service]
+diff --git a/units/systemd-fsck@.service.in b/units/systemd-fsck@.service.in
+index 3322083..bfa565b 100644
+--- a/units/systemd-fsck@.service.in
++++ b/units/systemd-fsck@.service.in
+@@ -13,7 +13,8 @@ Documentation=man:systemd-fsck@.service(8)
+ DefaultDependencies=no
+ BindsTo=%i.device
+ Conflicts=shutdown.target
+-After=%i.device systemd-fsck-root.service local-fs-pre.target
++Wants=systemd-fsckd.socket
++After=%i.device systemd-fsck-root.service local-fs-pre.target systemd-fsckd.socket
+ Before=systemd-quotacheck.service shutdown.target
+
+ [Service]
+diff --git a/units/systemd-fsckd.service.in b/units/systemd-fsckd.service.in
+new file mode 100644
+index 0000000..9c7ed51
+--- /dev/null
++++ b/units/systemd-fsckd.service.in
+@@ -0,0 +1,17 @@
++# This file is part of systemd.
++#
++# systemd is free software; you can redistribute it and/or modify it
++# under the terms of the GNU Lesser General Public License as published by
++# the Free Software Foundation; either version 2.1 of the License, or
++# (at your option) any later version.
++
++[Unit]
++Description=File System Check Daemon to report status
++Documentation=man:systemd-fsckd.service(8)
++DefaultDependencies=no
++Requires=systemd-fsckd.socket
++Before=shutdown.target
++
++[Service]
++ExecStart=@rootlibexecdir@/systemd-fsckd
++StandardOutput=journal+console
+diff --git a/units/systemd-fsckd.socket b/units/systemd-fsckd.socket
+new file mode 100644
+index 0000000..61fec97
+--- /dev/null
++++ b/units/systemd-fsckd.socket
+@@ -0,0 +1,15 @@
++# This file is part of systemd.
++#
++# systemd is free software; you can redistribute it and/or modify it
++# under the terms of the GNU Lesser General Public License as published by
++# the Free Software Foundation; either version 2.1 of the License, or
++# (at your option) any later version.
++
++[Unit]
++Description=fsck to fsckd communication Socket
++Documentation=man:systemd-fsckd.service(8) man:systemd-fsck@.service(8) man:systemd-fsck-root.service(8)
++DefaultDependencies=no
++
++[Socket]
++ListenStream=/run/systemd/fsck.progress
++SocketMode=0600
diff --git a/debian/patches/httpd-use-a-cleanup-function-to-call-MHD_destroy_response.patch b/debian/patches/httpd-use-a-cleanup-function-to-call-MHD_destroy_response.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e16c1c0d4734c479cf0a0c5c8b87619b0f48a178
--- /dev/null
+++ b/debian/patches/httpd-use-a-cleanup-function-to-call-MHD_destroy_response.patch
@@ -0,0 +1,192 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 7 Dec 2018 12:13:10 +0100
+Subject: =?utf-8?q?=C2=B5httpd=3A_use_a_cleanup_function_to_call_MHD=5Fdest?=
+ =?utf-8?q?roy=5Fresponse?=
+
+(cherry picked from commit d101fb24eb1c58c97f2adce1f69f4b61a788933a)
+(cherry picked from commit 03bf8a389ea1e9822a1b66f14b699661e88e0cb3)
+---
+ src/journal-remote/journal-gatewayd.c | 53 +++++++++--------------------------
+ src/journal-remote/microhttpd-util.c | 11 ++------
+ src/journal-remote/microhttpd-util.h | 1 +
+ 3 files changed, 18 insertions(+), 47 deletions(-)
+
+diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c
+index 4185af6..af45fa5 100644
+--- a/src/journal-remote/journal-gatewayd.c
++++ b/src/journal-remote/journal-gatewayd.c
+@@ -461,7 +461,7 @@ static int request_handler_entries(
+ struct MHD_Connection *connection,
+ void *connection_cls) {
+
+- struct MHD_Response *response;
++ _cleanup_(MHD_destroy_responsep) struct MHD_Response *response = NULL;
+ RequestMeta *m = connection_cls;
+ int r;
+
+@@ -503,11 +503,7 @@ static int request_handler_entries(
+ return respond_oom(connection);
+
+ MHD_add_response_header(response, "Content-Type", mime_types[m->mode]);
+-
+- r = MHD_queue_response(connection, MHD_HTTP_OK, response);
+- MHD_destroy_response(response);
+-
+- return r;
++ return MHD_queue_response(connection, MHD_HTTP_OK, response);
+ }
+
+ static int output_field(FILE *f, OutputMode m, const char *d, size_t l) {
+@@ -619,7 +615,7 @@ static int request_handler_fields(
+ const char *field,
+ void *connection_cls) {
+
+- struct MHD_Response *response;
++ _cleanup_(MHD_destroy_responsep) struct MHD_Response *response = NULL;
+ RequestMeta *m = connection_cls;
+ int r;
+
+@@ -642,11 +638,7 @@ static int request_handler_fields(
+ return respond_oom(connection);
+
+ MHD_add_response_header(response, "Content-Type", mime_types[m->mode == OUTPUT_JSON ? OUTPUT_JSON : OUTPUT_SHORT]);
+-
+- r = MHD_queue_response(connection, MHD_HTTP_OK, response);
+- MHD_destroy_response(response);
+-
+- return r;
++ return MHD_queue_response(connection, MHD_HTTP_OK, response);
+ }
+
+ static int request_handler_redirect(
+@@ -654,8 +646,7 @@ static int request_handler_redirect(
+ const char *target) {
+
+ char *page;
+- struct MHD_Response *response;
+- int ret;
++ _cleanup_(MHD_destroy_responsep) struct MHD_Response *response = NULL;
+
+ assert(connection);
+ assert(target);
+@@ -671,11 +662,7 @@ static int request_handler_redirect(
+
+ MHD_add_response_header(response, "Content-Type", "text/html");
+ MHD_add_response_header(response, "Location", target);
+-
+- ret = MHD_queue_response(connection, MHD_HTTP_MOVED_PERMANENTLY, response);
+- MHD_destroy_response(response);
+-
+- return ret;
++ return MHD_queue_response(connection, MHD_HTTP_MOVED_PERMANENTLY, response);
+ }
+
+ static int request_handler_file(
+@@ -683,8 +670,7 @@ static int request_handler_file(
+ const char *path,
+ const char *mime_type) {
+
+- struct MHD_Response *response;
+- int ret;
++ _cleanup_(MHD_destroy_responsep) struct MHD_Response *response = NULL;
+ _cleanup_close_ int fd = -1;
+ struct stat st;
+
+@@ -702,15 +688,10 @@ static int request_handler_file(
+ response = MHD_create_response_from_fd_at_offset64(st.st_size, fd, 0);
+ if (!response)
+ return respond_oom(connection);
+-
+- fd = -1;
++ TAKE_FD(fd);
+
+ MHD_add_response_header(response, "Content-Type", mime_type);
+-
+- ret = MHD_queue_response(connection, MHD_HTTP_OK, response);
+- MHD_destroy_response(response);
+-
+- return ret;
++ return MHD_queue_response(connection, MHD_HTTP_OK, response);
+ }
+
+ static int get_virtualization(char **v) {
+@@ -747,14 +728,13 @@ static int request_handler_machine(
+ struct MHD_Connection *connection,
+ void *connection_cls) {
+
+- struct MHD_Response *response;
++ _cleanup_(MHD_destroy_responsep) struct MHD_Response *response = NULL;
+ RequestMeta *m = connection_cls;
+ int r;
+ _cleanup_free_ char* hostname = NULL, *os_name = NULL;
+ uint64_t cutoff_from = 0, cutoff_to = 0, usage = 0;
+- char *json;
+ sd_id128_t mid, bid;
+- _cleanup_free_ char *v = NULL;
++ _cleanup_free_ char *v = NULL, *json = NULL;
+
+ assert(connection);
+ assert(m);
+@@ -803,21 +783,16 @@ static int request_handler_machine(
+ usage,
+ cutoff_from,
+ cutoff_to);
+-
+ if (r < 0)
+ return respond_oom(connection);
+
+ response = MHD_create_response_from_buffer(strlen(json), json, MHD_RESPMEM_MUST_FREE);
+- if (!response) {
+- free(json);
++ if (!response)
+ return respond_oom(connection);
+- }
++ TAKE_PTR(json);
+
+ MHD_add_response_header(response, "Content-Type", "application/json");
+- r = MHD_queue_response(connection, MHD_HTTP_OK, response);
+- MHD_destroy_response(response);
+-
+- return r;
++ return MHD_queue_response(connection, MHD_HTTP_OK, response);
+ }
+
+ static int request_handler(
+diff --git a/src/journal-remote/microhttpd-util.c b/src/journal-remote/microhttpd-util.c
+index adf40b5..6d049d1 100644
+--- a/src/journal-remote/microhttpd-util.c
++++ b/src/journal-remote/microhttpd-util.c
+@@ -32,21 +32,16 @@ static int mhd_respond_internal(struct MHD_Connection *connection,
+ const char *buffer,
+ size_t size,
+ enum MHD_ResponseMemoryMode mode) {
+- struct MHD_Response *response;
+- int r;
+-
+ assert(connection);
+
+- response = MHD_create_response_from_buffer(size, (char*) buffer, mode);
++ _cleanup_(MHD_destroy_responsep) struct MHD_Response *response
++ = MHD_create_response_from_buffer(size, (char*) buffer, mode);
+ if (!response)
+ return MHD_NO;
+
+ log_debug("Queueing response %u: %s", code, buffer);
+ MHD_add_response_header(response, "Content-Type", "text/plain");
+- r = MHD_queue_response(connection, code, response);
+- MHD_destroy_response(response);
+-
+- return r;
++ return MHD_queue_response(connection, code, response);
+ }
+
+ int mhd_respond(struct MHD_Connection *connection,
+diff --git a/src/journal-remote/microhttpd-util.h b/src/journal-remote/microhttpd-util.h
+index 364cd0f..ba51d84 100644
+--- a/src/journal-remote/microhttpd-util.h
++++ b/src/journal-remote/microhttpd-util.h
+@@ -75,3 +75,4 @@ int check_permissions(struct MHD_Connection *connection, int *code, char **hostn
+ int setup_gnutls_logger(char **categories);
+
+ DEFINE_TRIVIAL_CLEANUP_FUNC(struct MHD_Daemon*, MHD_stop_daemon);
++DEFINE_TRIVIAL_CLEANUP_FUNC(struct MHD_Response*, MHD_destroy_response);
diff --git a/debian/patches/journal-rely-on-_cleanup_free_-to-free-a-temporary-string.patch b/debian/patches/journal-rely-on-_cleanup_free_-to-free-a-temporary-string.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b4ad96c956b8e47552bf5b4d8ca98d1ef5f02119
--- /dev/null
+++ b/debian/patches/journal-rely-on-_cleanup_free_-to-free-a-temporary-string.patch
@@ -0,0 +1,46 @@
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Mon, 24 Dec 2018 00:29:56 +0100
+Subject: journal: rely on _cleanup_free_ to free a temporary string used in
+ client_context_read_cgroup
+
+Closes https://github.com/systemd/systemd/issues/11253.
+
+(cherry picked from commit ef30f7cac18a810814ada7e6a68a31d48cc9fccd)
+(cherry picked from commit 1789a12dbf74112992a478ac4cf2f13d8c286d15)
+---
+ src/journal/journald-context.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/src/journal/journald-context.c b/src/journal/journald-context.c
+index 8253a45..2d711bc 100644
+--- a/src/journal/journald-context.c
++++ b/src/journal/journald-context.c
+@@ -246,7 +246,7 @@ static int client_context_read_label(
+ }
+
+ static int client_context_read_cgroup(Server *s, ClientContext *c, const char *unit_id) {
+- char *t = NULL;
++ _cleanup_free_ char *t = NULL;
+ int r;
+
+ assert(c);
+@@ -254,7 +254,6 @@ static int client_context_read_cgroup(Server *s, ClientContext *c, const char *u
+ /* Try to acquire the current cgroup path */
+ r = cg_pid_get_path_shifted(c->pid, s->cgroup_root, &t);
+ if (r < 0 || empty_or_root(t)) {
+-
+ /* We use the unit ID passed in as fallback if we have nothing cached yet and cg_pid_get_path_shifted()
+ * failed or process is running in a root cgroup. Zombie processes are automatically migrated to root cgroup
+ * on cgroupsv1 and we want to be able to map log messages from them too. */
+@@ -268,10 +267,8 @@ static int client_context_read_cgroup(Server *s, ClientContext *c, const char *u
+ }
+
+ /* Let's shortcut this if the cgroup path didn't change */
+- if (streq_ptr(c->cgroup, t)) {
+- free(t);
++ if (streq_ptr(c->cgroup, t))
+ return 0;
+- }
+
+ free_and_replace(c->cgroup, t);
+
diff --git a/debian/patches/journal-remote-set-a-limit-on-the-number-of-fields-in-a-m.patch b/debian/patches/journal-remote-set-a-limit-on-the-number-of-fields-in-a-m.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f4abb523ceb1a1d83fd487d7a21b5c125a231d1b
--- /dev/null
+++ b/debian/patches/journal-remote-set-a-limit-on-the-number-of-fields-in-a-m.patch
@@ -0,0 +1,75 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 7 Dec 2018 10:48:10 +0100
+Subject: journal-remote: set a limit on the number of fields in a message
+
+Existing use of E2BIG is replaced with ENOBUFS (entry too long), and E2BIG is
+reused for the new error condition (too many fields).
+
+This matches the change done for systemd-journald, hence forming the second
+part of the fix for CVE-2018-16865
+(https://bugzilla.redhat.com/show_bug.cgi?id=1653861).
+
+(cherry picked from commit ef4d6abe7c7fab6cbff975b32e76b09feee56074)
+(cherry picked from commit 1c9232336460d0f004156964df1478e4d3ddac97)
+---
+ src/journal-remote/journal-remote-main.c | 7 +++++--
+ src/journal-remote/journal-remote.c | 3 +++
+ src/shared/journal-importer.c | 5 ++++-
+ 3 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c
+index 8543dba..802c3ea 100644
+--- a/src/journal-remote/journal-remote-main.c
++++ b/src/journal-remote/journal-remote-main.c
+@@ -222,9 +222,12 @@ static int process_http_upload(
+ if (r == -EAGAIN)
+ break;
+ if (r < 0) {
+- if (r == -E2BIG)
+- log_warning_errno(r, "Entry is too above maximum of %u, aborting connection %p.",
++ if (r == -ENOBUFS)
++ log_warning_errno(r, "Entry is above the maximum of %u, aborting connection %p.",
+ DATA_SIZE_MAX, connection);
++ else if (r == -E2BIG)
++ log_warning_errno(r, "Entry with more fields than the maximum of %u, aborting connection %p.",
++ ENTRY_FIELD_COUNT_MAX, connection);
+ else
+ log_warning_errno(r, "Failed to process data, aborting connection %p: %m",
+ connection);
+diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
+index 3c0916c..1da32c5 100644
+--- a/src/journal-remote/journal-remote.c
++++ b/src/journal-remote/journal-remote.c
+@@ -407,6 +407,9 @@ int journal_remote_handle_raw_source(
+ log_debug("%zu active sources remaining", s->active);
+ return 0;
+ } else if (r == -E2BIG) {
++ log_notice("Entry with too many fields, skipped");
++ return 1;
++ } else if (r == -ENOBUFS) {
+ log_notice("Entry too big, skipped");
+ return 1;
+ } else if (r == -EAGAIN) {
+diff --git a/src/shared/journal-importer.c b/src/shared/journal-importer.c
+index b0e6192..8638cd3 100644
+--- a/src/shared/journal-importer.c
++++ b/src/shared/journal-importer.c
+@@ -23,6 +23,9 @@ enum {
+ };
+
+ static int iovw_put(struct iovec_wrapper *iovw, void* data, size_t len) {
++ if (iovw->count >= ENTRY_FIELD_COUNT_MAX)
++ return -E2BIG;
++
+ if (!GREEDY_REALLOC(iovw->iovec, iovw->size_bytes, iovw->count + 1))
+ return log_oom();
+
+@@ -97,7 +100,7 @@ static int get_line(JournalImporter *imp, char **line, size_t *size) {
+
+ imp->scanned = imp->filled;
+ if (imp->scanned >= DATA_SIZE_MAX)
+- return log_error_errno(SYNTHETIC_ERRNO(E2BIG),
++ return log_error_errno(SYNTHETIC_ERRNO(ENOBUFS),
+ "Entry is bigger than %u bytes.",
+ DATA_SIZE_MAX);
+
diff --git a/debian/patches/journal-remote-verify-entry-length-from-header.patch b/debian/patches/journal-remote-verify-entry-length-from-header.patch
new file mode 100644
index 0000000000000000000000000000000000000000..63492bbfabe85c63269b5a22e08721c31ef0aae0
--- /dev/null
+++ b/debian/patches/journal-remote-verify-entry-length-from-header.patch
@@ -0,0 +1,111 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 7 Dec 2018 12:47:14 +0100
+Subject: journal-remote: verify entry length from header
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Calling mhd_respond(), which ulimately calls MHD_queue_response() is
+ineffective at point, becuase MHD_queue_response() immediately returns
+MHD_NO signifying an error, because the connection is in state
+MHD_CONNECTION_CONTINUE_SENT.
+
+As Christian Grothoff kindly explained:
+> You are likely calling MHD_queue_repsonse() too late: once you are
+> receiving upload_data, HTTP forces you to process it all. At this time,
+> MHD has already sent "100 continue" and cannot take it back (hence you
+> get MHD_NO!).
+>
+> In your request handler, the first time when you are called for a
+> connection (and when hence *upload_data_size == 0 and upload_data ==
+> NULL) you must check the content-length header and react (with
+> MHD_queue_response) based on this (to prevent MHD from automatically
+> generating 100 continue).
+
+If we ever encounter this kind of error, print a warning and immediately
+abort the connection. (The alternative would be to keep reading the data,
+but ignore it, and return an error after we get to the end of data.
+That is possible, but of course puts additional load on both the
+sender and reciever, and doesn't seem important enough just to return
+a good error message.)
+
+Note that sending of the error does not work (the connection is always aborted
+when MHD_queue_response is used with MHD_RESPMEM_MUST_FREE, as in this case)
+with libµhttpd 0.59, but works with 0.61:
+https://src.fedoraproject.org/rpms/libmicrohttpd/pull-request/1
+
+(cherry picked from commit 7fdb237f5473cb8fc2129e57e8a0039526dcb4fd)
+(cherry picked from commit c6d56141fad673a42b6b4eb186d2d217becca71c)
+---
+ src/journal-remote/journal-remote-main.c | 34 ++++++++++++++++++++++----------
+ 1 file changed, 24 insertions(+), 10 deletions(-)
+
+diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c
+index e1748cb..8543dba 100644
+--- a/src/journal-remote/journal-remote-main.c
++++ b/src/journal-remote/journal-remote-main.c
+@@ -221,16 +221,14 @@ static int process_http_upload(
+ journal_remote_server_global->seal);
+ if (r == -EAGAIN)
+ break;
+- else if (r < 0) {
+- log_warning("Failed to process data for connection %p", connection);
++ if (r < 0) {
+ if (r == -E2BIG)
+- return mhd_respondf(connection,
+- r, MHD_HTTP_PAYLOAD_TOO_LARGE,
+- "Entry is too large, maximum is " STRINGIFY(DATA_SIZE_MAX) " bytes.");
++ log_warning_errno(r, "Entry is too above maximum of %u, aborting connection %p.",
++ DATA_SIZE_MAX, connection);
+ else
+- return mhd_respondf(connection,
+- r, MHD_HTTP_UNPROCESSABLE_ENTITY,
+- "Processing failed: %m.");
++ log_warning_errno(r, "Failed to process data, aborting connection %p: %m",
++ connection);
++ return MHD_NO;
+ }
+ }
+
+@@ -264,6 +262,7 @@ static int request_handler(
+ const char *header;
+ int r, code, fd;
+ _cleanup_free_ char *hostname = NULL;
++ size_t len;
+
+ assert(connection);
+ assert(connection_cls);
+@@ -283,12 +282,27 @@ static int request_handler(
+ if (!streq(url, "/upload"))
+ return mhd_respond(connection, MHD_HTTP_NOT_FOUND, "Not found.");
+
+- header = MHD_lookup_connection_value(connection,
+- MHD_HEADER_KIND, "Content-Type");
++ header = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, "Content-Type");
+ if (!header || !streq(header, "application/vnd.fdo.journal"))
+ return mhd_respond(connection, MHD_HTTP_UNSUPPORTED_MEDIA_TYPE,
+ "Content-Type: application/vnd.fdo.journal is required.");
+
++ header = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, "Content-Length");
++ if (!header)
++ return mhd_respond(connection, MHD_HTTP_LENGTH_REQUIRED,
++ "Content-Length header is required.");
++ r = safe_atozu(header, &len);
++ if (r < 0)
++ return mhd_respondf(connection, r, MHD_HTTP_LENGTH_REQUIRED,
++ "Content-Length: %s cannot be parsed: %m", header);
++
++ if (len > ENTRY_SIZE_MAX)
++ /* When serialized, an entry of maximum size might be slightly larger,
++ * so this does not correspond exactly to the limit in journald. Oh well.
++ */
++ return mhd_respondf(connection, 0, MHD_HTTP_PAYLOAD_TOO_LARGE,
++ "Payload larger than maximum size of %u bytes", ENTRY_SIZE_MAX);
++
+ {
+ const union MHD_ConnectionInfo *ci;
+
diff --git a/debian/patches/journald-do-not-store-the-iovec-entry-for-process-command.patch b/debian/patches/journald-do-not-store-the-iovec-entry-for-process-command.patch
new file mode 100644
index 0000000000000000000000000000000000000000..01b3da1eeea615eb03ea9d03921437d79922b813
--- /dev/null
+++ b/debian/patches/journald-do-not-store-the-iovec-entry-for-process-command.patch
@@ -0,0 +1,200 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 5 Dec 2018 18:38:39 +0100
+Subject: journald: do not store the iovec entry for process commandline on
+ stack
+
+This fixes a crash where we would read the commandline, whose length is under
+control of the sending program, and then crash when trying to create a stack
+allocation for it.
+
+CVE-2018-16864
+https://bugzilla.redhat.com/show_bug.cgi?id=1653855
+
+The message actually doesn't get written to disk, because
+journal_file_append_entry() returns -E2BIG.
+
+(cherry picked from commit 084eeb865ca63887098e0945fb4e93c852b91b0f)
+(cherry picked from commit cf56627fe5525132c8e09eb3e77bfc0556a2f04d)
+---
+ src/basic/io-util.c | 10 ++++++++++
+ src/basic/io-util.h | 2 ++
+ src/coredump/coredump.c | 31 +++++++++++--------------------
+ src/journal/journald-server.c | 25 +++++++++++++++----------
+ 4 files changed, 38 insertions(+), 30 deletions(-)
+
+diff --git a/src/basic/io-util.c b/src/basic/io-util.c
+index 1f64cc9..575398f 100644
+--- a/src/basic/io-util.c
++++ b/src/basic/io-util.c
+@@ -8,6 +8,7 @@
+ #include <unistd.h>
+
+ #include "io-util.h"
++#include "string-util.h"
+ #include "time-util.h"
+
+ int flush_fd(int fd) {
+@@ -252,3 +253,12 @@ ssize_t sparse_write(int fd, const void *p, size_t sz, size_t run_length) {
+
+ return q - (const uint8_t*) p;
+ }
++
++char* set_iovec_string_field(struct iovec *iovec, size_t *n_iovec, const char *field, const char *value) {
++ char *x;
++
++ x = strappend(field, value);
++ if (x)
++ iovec[(*n_iovec)++] = IOVEC_MAKE_STRING(x);
++ return x;
++}
+diff --git a/src/basic/io-util.h b/src/basic/io-util.h
+index ed189b5..792a64a 100644
+--- a/src/basic/io-util.h
++++ b/src/basic/io-util.h
+@@ -71,3 +71,5 @@ static inline bool FILE_SIZE_VALID_OR_INFINITY(uint64_t l) {
+ #define IOVEC_MAKE(base, len) (struct iovec) IOVEC_INIT(base, len)
+ #define IOVEC_INIT_STRING(string) IOVEC_INIT((char*) string, strlen(string))
+ #define IOVEC_MAKE_STRING(string) (struct iovec) IOVEC_INIT_STRING(string)
++
++char* set_iovec_string_field(struct iovec *iovec, size_t *n_iovec, const char *field, const char *value);
+diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
+index 20c1fb0..db2cf64 100644
+--- a/src/coredump/coredump.c
++++ b/src/coredump/coredump.c
+@@ -1063,19 +1063,10 @@ static int send_iovec(const struct iovec iovec[], size_t n_iovec, int input_fd)
+ return 0;
+ }
+
+-static char* set_iovec_field(struct iovec *iovec, size_t *n_iovec, const char *field, const char *value) {
+- char *x;
+-
+- x = strappend(field, value);
+- if (x)
+- iovec[(*n_iovec)++] = IOVEC_MAKE_STRING(x);
+- return x;
+-}
+-
+ static char* set_iovec_field_free(struct iovec *iovec, size_t *n_iovec, const char *field, char *value) {
+ char *x;
+
+- x = set_iovec_field(iovec, n_iovec, field, value);
++ x = set_iovec_string_field(iovec, n_iovec, field, value);
+ free(value);
+ return x;
+ }
+@@ -1125,36 +1116,36 @@ static int gather_pid_metadata(
+ disable_coredumps();
+ }
+
+- set_iovec_field(iovec, n_iovec, "COREDUMP_UNIT=", context[CONTEXT_UNIT]);
++ set_iovec_string_field(iovec, n_iovec, "COREDUMP_UNIT=", context[CONTEXT_UNIT]);
+ }
+
+ if (cg_pid_get_user_unit(pid, &t) >= 0)
+ set_iovec_field_free(iovec, n_iovec, "COREDUMP_USER_UNIT=", t);
+
+ /* The next few are mandatory */
+- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_PID=", context[CONTEXT_PID]))
++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_PID=", context[CONTEXT_PID]))
+ return log_oom();
+
+- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_UID=", context[CONTEXT_UID]))
++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_UID=", context[CONTEXT_UID]))
+ return log_oom();
+
+- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_GID=", context[CONTEXT_GID]))
++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_GID=", context[CONTEXT_GID]))
+ return log_oom();
+
+- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_SIGNAL=", context[CONTEXT_SIGNAL]))
++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_SIGNAL=", context[CONTEXT_SIGNAL]))
+ return log_oom();
+
+- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_RLIMIT=", context[CONTEXT_RLIMIT]))
++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_RLIMIT=", context[CONTEXT_RLIMIT]))
+ return log_oom();
+
+- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_HOSTNAME=", context[CONTEXT_HOSTNAME]))
++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_HOSTNAME=", context[CONTEXT_HOSTNAME]))
+ return log_oom();
+
+- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_COMM=", context[CONTEXT_COMM]))
++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_COMM=", context[CONTEXT_COMM]))
+ return log_oom();
+
+ if (context[CONTEXT_EXE] &&
+- !set_iovec_field(iovec, n_iovec, "COREDUMP_EXE=", context[CONTEXT_EXE]))
++ !set_iovec_string_field(iovec, n_iovec, "COREDUMP_EXE=", context[CONTEXT_EXE]))
+ return log_oom();
+
+ if (sd_pid_get_session(pid, &t) >= 0)
+@@ -1222,7 +1213,7 @@ static int gather_pid_metadata(
+ iovec[(*n_iovec)++] = IOVEC_MAKE_STRING(t);
+
+ if (safe_atoi(context[CONTEXT_SIGNAL], &signo) >= 0 && SIGNAL_VALID(signo))
+- set_iovec_field(iovec, n_iovec, "COREDUMP_SIGNAL_NAME=SIG", signal_to_string(signo));
++ set_iovec_string_field(iovec, n_iovec, "COREDUMP_SIGNAL_NAME=SIG", signal_to_string(signo));
+
+ return 0; /* we successfully acquired all metadata */
+ }
+diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
+index f096725..2a960eb 100644
+--- a/src/journal/journald-server.c
++++ b/src/journal/journald-server.c
+@@ -905,6 +905,7 @@ static void dispatch_message_real(
+ pid_t object_pid) {
+
+ char source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)];
++ _cleanup_free_ char *cmdline1 = NULL, *cmdline2 = NULL;
+ uid_t journal_uid;
+ ClientContext *o;
+
+@@ -921,20 +922,23 @@ static void dispatch_message_real(
+ IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->uid, uid_t, uid_is_valid, UID_FMT, "_UID");
+ IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->gid, gid_t, gid_is_valid, GID_FMT, "_GID");
+
+- IOVEC_ADD_STRING_FIELD(iovec, n, c->comm, "_COMM");
+- IOVEC_ADD_STRING_FIELD(iovec, n, c->exe, "_EXE");
+- IOVEC_ADD_STRING_FIELD(iovec, n, c->cmdline, "_CMDLINE");
+- IOVEC_ADD_STRING_FIELD(iovec, n, c->capeff, "_CAP_EFFECTIVE");
++ IOVEC_ADD_STRING_FIELD(iovec, n, c->comm, "_COMM"); /* At most TASK_COMM_LENGTH (16 bytes) */
++ IOVEC_ADD_STRING_FIELD(iovec, n, c->exe, "_EXE"); /* A path, so at most PATH_MAX (4096 bytes) */
+
+- IOVEC_ADD_SIZED_FIELD(iovec, n, c->label, c->label_size, "_SELINUX_CONTEXT");
++ if (c->cmdline)
++ /* At most _SC_ARG_MAX (2MB usually), which is too much to put on stack.
++ * Let's use a heap allocation for this one. */
++ cmdline1 = set_iovec_string_field(iovec, &n, "_CMDLINE=", c->cmdline);
+
++ IOVEC_ADD_STRING_FIELD(iovec, n, c->capeff, "_CAP_EFFECTIVE"); /* Read from /proc/.../status */
++ IOVEC_ADD_SIZED_FIELD(iovec, n, c->label, c->label_size, "_SELINUX_CONTEXT");
+ IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->auditid, uint32_t, audit_session_is_valid, "%" PRIu32, "_AUDIT_SESSION");
+ IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->loginuid, uid_t, uid_is_valid, UID_FMT, "_AUDIT_LOGINUID");
+
+- IOVEC_ADD_STRING_FIELD(iovec, n, c->cgroup, "_SYSTEMD_CGROUP");
++ IOVEC_ADD_STRING_FIELD(iovec, n, c->cgroup, "_SYSTEMD_CGROUP"); /* A path */
+ IOVEC_ADD_STRING_FIELD(iovec, n, c->session, "_SYSTEMD_SESSION");
+ IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->owner_uid, uid_t, uid_is_valid, UID_FMT, "_SYSTEMD_OWNER_UID");
+- IOVEC_ADD_STRING_FIELD(iovec, n, c->unit, "_SYSTEMD_UNIT");
++ IOVEC_ADD_STRING_FIELD(iovec, n, c->unit, "_SYSTEMD_UNIT"); /* Unit names are bounded by UNIT_NAME_MAX */
+ IOVEC_ADD_STRING_FIELD(iovec, n, c->user_unit, "_SYSTEMD_USER_UNIT");
+ IOVEC_ADD_STRING_FIELD(iovec, n, c->slice, "_SYSTEMD_SLICE");
+ IOVEC_ADD_STRING_FIELD(iovec, n, c->user_slice, "_SYSTEMD_USER_SLICE");
+@@ -955,13 +959,14 @@ static void dispatch_message_real(
+ IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->uid, uid_t, uid_is_valid, UID_FMT, "OBJECT_UID");
+ IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->gid, gid_t, gid_is_valid, GID_FMT, "OBJECT_GID");
+
++ /* See above for size limits, only ->cmdline may be large, so use a heap allocation for it. */
+ IOVEC_ADD_STRING_FIELD(iovec, n, o->comm, "OBJECT_COMM");
+ IOVEC_ADD_STRING_FIELD(iovec, n, o->exe, "OBJECT_EXE");
+- IOVEC_ADD_STRING_FIELD(iovec, n, o->cmdline, "OBJECT_CMDLINE");
+- IOVEC_ADD_STRING_FIELD(iovec, n, o->capeff, "OBJECT_CAP_EFFECTIVE");
++ if (o->cmdline)
++ cmdline2 = set_iovec_string_field(iovec, &n, "OBJECT_CMDLINE=", o->cmdline);
+
++ IOVEC_ADD_STRING_FIELD(iovec, n, o->capeff, "OBJECT_CAP_EFFECTIVE");
+ IOVEC_ADD_SIZED_FIELD(iovec, n, o->label, o->label_size, "OBJECT_SELINUX_CONTEXT");
+-
+ IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->auditid, uint32_t, audit_session_is_valid, "%" PRIu32, "OBJECT_AUDIT_SESSION");
+ IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->loginuid, uid_t, uid_is_valid, UID_FMT, "OBJECT_AUDIT_LOGINUID");
+
diff --git a/debian/patches/journald-lower-the-maximum-entry-size-limit-to-for-non-se.patch b/debian/patches/journald-lower-the-maximum-entry-size-limit-to-for-non-se.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a1e96bfaa7a6dff0e481d11bdd2f08d83d5c9449
--- /dev/null
+++ b/debian/patches/journald-lower-the-maximum-entry-size-limit-to-for-non-se.patch
@@ -0,0 +1,32 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 5 Dec 2018 22:52:53 +0100
+Subject: =?utf-8?q?journald=3A_lower_the_maximum_entry_size_limit_to_=C2=BD?=
+ =?utf-8?q?_for_non-sealed_fds?=
+
+We immediately read the whole contents into memory, making thigs much more
+expensive. Sealed fds should be used instead since they are more efficient
+on our side.
+
+(cherry picked from commit 6670c9de196c8e2d5e84a8890cbb68f70c4db6e3)
+(cherry picked from commit f0ad5fe17fc6cee1f04f8f93899538ea2e96256c)
+---
+ src/journal/journald-native.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c
+index 50aad6d..221188d 100644
+--- a/src/journal/journald-native.c
++++ b/src/journal/journald-native.c
+@@ -376,8 +376,10 @@ void server_process_native_file(
+ if (st.st_size <= 0)
+ return;
+
+- if (st.st_size > ENTRY_SIZE_MAX) {
+- log_error("File passed too large. Ignoring.");
++ /* When !sealed, set a lower memory limit. We have to read the file,
++ * effectively doubling memory use. */
++ if (st.st_size > ENTRY_SIZE_MAX / (sealed ? 1 : 2)) {
++ log_error("File passed too large (%"PRIu64" bytes). Ignoring.", (uint64_t) st.st_size);
+ return;
+ }
+
diff --git a/debian/patches/journald-remove-unnecessary.patch b/debian/patches/journald-remove-unnecessary.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6e04c6b169577a5677d6d5aa2b8118f6356ab037
--- /dev/null
+++ b/debian/patches/journald-remove-unnecessary.patch
@@ -0,0 +1,32 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 5 Dec 2018 17:53:50 +0100
+Subject: journald: remove unnecessary {}
+
+(cherry picked from commit bc2762a309132a34db1797d8b5792d5747a94484)
+(cherry picked from commit ccbb69e14ea9938c20ced03b4952fee0d22684b0)
+---
+ src/journal/journald-server.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
+index 434325c..f096725 100644
+--- a/src/journal/journald-server.c
++++ b/src/journal/journald-server.c
+@@ -1276,8 +1276,7 @@ int server_process_datagram(sd_event_source *es, int fd, uint32_t revents, void
+ return log_error_errno(errno, "recvmsg() failed: %m");
+ }
+
+- CMSG_FOREACH(cmsg, &msghdr) {
+-
++ CMSG_FOREACH(cmsg, &msghdr)
+ if (cmsg->cmsg_level == SOL_SOCKET &&
+ cmsg->cmsg_type == SCM_CREDENTIALS &&
+ cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
+@@ -1295,7 +1294,6 @@ int server_process_datagram(sd_event_source *es, int fd, uint32_t revents, void
+ fds = (int*) CMSG_DATA(cmsg);
+ n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
+ }
+- }
+
+ /* And a trailing NUL, just in case */
+ s->buffer[n] = 0;
diff --git a/debian/patches/journald-set-a-limit-on-the-number-of-fields-1k.patch b/debian/patches/journald-set-a-limit-on-the-number-of-fields-1k.patch
new file mode 100644
index 0000000000000000000000000000000000000000..3ee7a4265def6a425b2b03c057c1d511c2055a27
--- /dev/null
+++ b/debian/patches/journald-set-a-limit-on-the-number-of-fields-1k.patch
@@ -0,0 +1,52 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 5 Dec 2018 22:45:02 +0100
+Subject: journald: set a limit on the number of fields (1k)
+
+We allocate a iovec entry for each field, so with many short entries,
+our memory usage and processing time can be large, even with a relatively
+small message size. Let's refuse overly long entries.
+
+CVE-2018-16865
+https://bugzilla.redhat.com/show_bug.cgi?id=1653861
+
+What from I can see, the problem is not from an alloca, despite what the CVE
+description says, but from the attack multiplication that comes from creating
+many very small iovecs: (void* + size_t) for each three bytes of input message.
+
+(cherry picked from commit 052c57f132f04a3cf4148f87561618da1a6908b4)
+(cherry picked from commit eaf1d6e1e6ec5023ffdc2801e2b671226e862774)
+---
+ src/journal/journald-native.c | 5 +++++
+ src/shared/journal-importer.h | 3 +++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c
+index e86178e..d0fee2a 100644
+--- a/src/journal/journald-native.c
++++ b/src/journal/journald-native.c
+@@ -141,6 +141,11 @@ static int server_process_entry(
+ }
+
+ /* A property follows */
++ if (n > ENTRY_FIELD_COUNT_MAX) {
++ log_debug("Received an entry that has more than " STRINGIFY(ENTRY_FIELD_COUNT_MAX) " fields, ignoring entry.");
++ r = 1;
++ goto finish;
++ }
+
+ /* n existing properties, 1 new, +1 for _TRANSPORT */
+ if (!GREEDY_REALLOC(iovec, m,
+diff --git a/src/shared/journal-importer.h b/src/shared/journal-importer.h
+index 53354b7..7914c0c 100644
+--- a/src/shared/journal-importer.h
++++ b/src/shared/journal-importer.h
+@@ -21,6 +21,9 @@
+ #endif
+ #define LINE_CHUNK 8*1024u
+
++/* The maximum number of fields in an entry */
++#define ENTRY_FIELD_COUNT_MAX 1024
++
+ struct iovec_wrapper {
+ struct iovec *iovec;
+ size_t size_bytes;
diff --git a/debian/patches/journald-when-processing-a-native-message-bail-more-quick.patch b/debian/patches/journald-when-processing-a-native-message-bail-more-quick.patch
new file mode 100644
index 0000000000000000000000000000000000000000..368c476ad854df816626a63233bc6bda1be160b0
--- /dev/null
+++ b/debian/patches/journald-when-processing-a-native-message-bail-more-quick.patch
@@ -0,0 +1,203 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 5 Dec 2018 22:50:39 +0100
+Subject: journald: when processing a native message,
+ bail more quickly on overbig messages
+
+We'd first parse all or most of the message, and only then consider if it
+is not too large. Also, when encountering a single field over the limit,
+we'd still process the preceding part of the message. Let's be stricter,
+and check size limits early, and let's refuse the whole message if it fails
+any of the size limits.
+
+(cherry picked from commit 964ef920ea6735d39f856b05fd8ef451a09a6a1d)
+(cherry picked from commit c13facb835046af8ab8ebad2ec63d9e8c0909f26)
+---
+ src/journal/journald-native.c | 65 ++++++++++++++++++++++++-------------------
+ 1 file changed, 37 insertions(+), 28 deletions(-)
+
+diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c
+index d0fee2a..50aad6d 100644
+--- a/src/journal/journald-native.c
++++ b/src/journal/journald-native.c
+@@ -110,7 +110,7 @@ static int server_process_entry(
+ int priority = LOG_INFO;
+ pid_t object_pid = 0;
+ const char *p;
+- int r = 0;
++ int r = 1;
+
+ p = buffer;
+
+@@ -122,8 +122,7 @@ static int server_process_entry(
+ if (!e) {
+ /* Trailing noise, let's ignore it, and flush what we collected */
+ log_debug("Received message with trailing noise, ignoring.");
+- r = 1; /* finish processing of the message */
+- break;
++ break; /* finish processing of the message */
+ }
+
+ if (e == p) {
+@@ -133,8 +132,7 @@ static int server_process_entry(
+ }
+
+ if (IN_SET(*p, '.', '#')) {
+- /* Ignore control commands for now, and
+- * comments too. */
++ /* Ignore control commands for now, and comments too. */
+ *remaining -= (e - p) + 1;
+ p = e + 1;
+ continue;
+@@ -143,7 +141,6 @@ static int server_process_entry(
+ /* A property follows */
+ if (n > ENTRY_FIELD_COUNT_MAX) {
+ log_debug("Received an entry that has more than " STRINGIFY(ENTRY_FIELD_COUNT_MAX) " fields, ignoring entry.");
+- r = 1;
+ goto finish;
+ }
+
+@@ -153,7 +150,7 @@ static int server_process_entry(
+ N_IOVEC_META_FIELDS + N_IOVEC_OBJECT_FIELDS +
+ client_context_extra_fields_n_iovec(context))) {
+ r = log_oom();
+- break;
++ goto finish;
+ }
+
+ q = memchr(p, '=', e - p);
+@@ -162,6 +159,16 @@ static int server_process_entry(
+ size_t l;
+
+ l = e - p;
++ if (l > DATA_SIZE_MAX) {
++ log_debug("Received text block of %zu bytes is too large, ignoring entry.", l);
++ goto finish;
++ }
++
++ if (entry_size + l + n + 1 > ENTRY_SIZE_MAX) { /* data + separators + trailer */
++ log_debug("Entry is too big (%zu bytes after processing %zu entries), ignoring entry.",
++ entry_size + l, n + 1);
++ goto finish;
++ }
+
+ /* If the field name starts with an underscore, skip the variable, since that indicates
+ * a trusted field */
+@@ -179,7 +186,7 @@ static int server_process_entry(
+ p = e + 1;
+ continue;
+ } else {
+- uint64_t l;
++ uint64_t l, total;
+ char *k;
+
+ if (*remaining < e - p + 1 + sizeof(uint64_t) + 1) {
+@@ -188,10 +195,16 @@ static int server_process_entry(
+ }
+
+ l = unaligned_read_le64(e + 1);
+-
+ if (l > DATA_SIZE_MAX) {
+- log_debug("Received binary data block of %"PRIu64" bytes is too large, ignoring.", l);
+- break;
++ log_debug("Received binary data block of %"PRIu64" bytes is too large, ignoring entry.", l);
++ goto finish;
++ }
++
++ total = (e - p) + 1 + l;
++ if (entry_size + total + n + 1 > ENTRY_SIZE_MAX) { /* data + separators + trailer */
++ log_debug("Entry is too big (%"PRIu64"bytes after processing %zu fields), ignoring.",
++ entry_size + total, n + 1);
++ goto finish;
+ }
+
+ if ((uint64_t) *remaining < e - p + 1 + sizeof(uint64_t) + l + 1 ||
+@@ -200,7 +213,7 @@ static int server_process_entry(
+ break;
+ }
+
+- k = malloc((e - p) + 1 + l);
++ k = malloc(total);
+ if (!k) {
+ log_oom();
+ break;
+@@ -228,15 +241,8 @@ static int server_process_entry(
+ }
+ }
+
+- if (n <= 0) {
+- r = 1;
++ if (n <= 0)
+ goto finish;
+- }
+-
+- if (!client_context_test_priority(context, priority)) {
+- r = 0;
+- goto finish;
+- }
+
+ tn = n++;
+ iovec[tn] = IOVEC_MAKE_STRING("_TRANSPORT=journal");
+@@ -247,6 +253,11 @@ static int server_process_entry(
+ goto finish;
+ }
+
++ r = 0; /* Success, we read the message. */
++
++ if (!client_context_test_priority(context, priority))
++ goto finish;
++
+ if (message) {
+ if (s->forward_to_syslog)
+ server_forward_syslog(s, syslog_fixup_facility(priority), identifier, message, ucred, tv);
+@@ -318,15 +329,13 @@ void server_process_native_file(
+ bool sealed;
+ int r;
+
+- /* Data is in the passed fd, since it didn't fit in a
+- * datagram. */
++ /* Data is in the passed fd, probably it didn't fit in a datagram. */
+
+ assert(s);
+ assert(fd >= 0);
+
+ /* If it's a memfd, check if it is sealed. If so, we can just
+- * use map it and use it, and do not need to copy the data
+- * out. */
++ * mmap it and use it, and do not need to copy the data out. */
+ sealed = memfd_get_sealed(fd) > 0;
+
+ if (!sealed && (!ucred || ucred->uid != 0)) {
+@@ -393,7 +402,7 @@ void server_process_native_file(
+ ssize_t n;
+
+ if (fstatvfs(fd, &vfs) < 0) {
+- log_error_errno(errno, "Failed to stat file system of passed file, ignoring: %m");
++ log_error_errno(errno, "Failed to stat file system of passed file, not processing it: %m");
+ return;
+ }
+
+@@ -403,7 +412,7 @@ void server_process_native_file(
+ * https://github.com/systemd/systemd/issues/1822
+ */
+ if (vfs.f_flag & ST_MANDLOCK) {
+- log_error("Received file descriptor from file system with mandatory locking enabled, refusing.");
++ log_error("Received file descriptor from file system with mandatory locking enabled, not processing it.");
+ return;
+ }
+
+@@ -416,13 +425,13 @@ void server_process_native_file(
+ * and so is SMB. */
+ r = fd_nonblock(fd, true);
+ if (r < 0) {
+- log_error_errno(r, "Failed to make fd non-blocking, ignoring: %m");
++ log_error_errno(r, "Failed to make fd non-blocking, not processing it: %m");
+ return;
+ }
+
+ /* The file is not sealed, we can't map the file here, since
+ * clients might then truncate it and trigger a SIGBUS for
+- * us. So let's stupidly read it */
++ * us. So let's stupidly read it. */
+
+ p = malloc(st.st_size);
+ if (!p) {
diff --git a/debian/patches/json-handle-NULL-explicitly-in-json_variant_has_type.patch b/debian/patches/json-handle-NULL-explicitly-in-json_variant_has_type.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1db4b594c878e5978da5fc780d564e19eba76114
--- /dev/null
+++ b/debian/patches/json-handle-NULL-explicitly-in-json_variant_has_type.patch
@@ -0,0 +1,23 @@
+From: Lennart Poettering <lennart@poettering.net>
+Date: Fri, 4 Jan 2019 13:24:18 +0100
+Subject: json: handle NULL explicitly in json_variant_has_type()
+
+(cherry picked from commit f8c186c9ece5c1c0b89abf52f058efb0ed37e0cb)
+(cherry picked from commit 388e534d24cac041bd00b48f27a84d6b31089c67)
+---
+ src/shared/json.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/shared/json.c b/src/shared/json.c
+index 59c4617..c9ee74c 100644
+--- a/src/shared/json.c
++++ b/src/shared/json.c
+@@ -979,6 +979,8 @@ bool json_variant_has_type(JsonVariant *v, JsonVariantType type) {
+ JsonVariantType rt;
+
+ v = json_variant_dereference(v);
++ if (!v)
++ return false;
+
+ rt = json_variant_type(v);
+ if (rt == type)
diff --git a/debian/patches/libudev-util-make-util_replace_whitespace-read-only-len-c.patch b/debian/patches/libudev-util-make-util_replace_whitespace-read-only-len-c.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a59c44b5286d8b53886b9e73326c8ed898ca9080
--- /dev/null
+++ b/debian/patches/libudev-util-make-util_replace_whitespace-read-only-len-c.patch
@@ -0,0 +1,93 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Tue, 25 Dec 2018 12:56:48 +0900
+Subject: libudev-util: make util_replace_whitespace() read only len
+ characters
+
+This effectively reverts df8ba4fa0e8be1ff7899d08a4b6be0196c8405a0.
+
+Fixes #11264.
+
+(cherry picked from commit 577ab71c58d36bc8577d15f172a306c9c05cd2f4)
+(cherry picked from commit c3712308fc090116e388f395e4a8bb0bd8446ea6)
+---
+ src/libudev/libudev-util.c | 13 +++++++------
+ src/test/test-libudev.c | 27 +++++++++++++++++----------
+ 2 files changed, 24 insertions(+), 16 deletions(-)
+
+diff --git a/src/libudev/libudev-util.c b/src/libudev/libudev-util.c
+index f67ab40..7e21719 100644
+--- a/src/libudev/libudev-util.c
++++ b/src/libudev/libudev-util.c
+@@ -122,19 +122,20 @@ size_t util_path_encode(const char *src, char *dest, size_t size) {
+ *
+ * Note this may be called with 'str' == 'to', i.e. to replace whitespace
+ * in-place in a buffer. This function can handle that situation.
++ *
++ * Note that only 'len' characters are read from 'str'.
+ */
+ size_t util_replace_whitespace(const char *str, char *to, size_t len) {
+ bool is_space = false;
+- const char *p = str;
+- size_t j;
++ size_t i, j;
+
+ assert(str);
+ assert(to);
+
+- p += strspn(p, WHITESPACE);
++ i = strspn(str, WHITESPACE);
+
+- for (j = 0; j < len && *p != '\0'; p++) {
+- if (isspace(*p)) {
++ for (j = 0; j < len && i < len && str[i] != '\0'; i++) {
++ if (isspace(str[i])) {
+ is_space = true;
+ continue;
+ }
+@@ -146,7 +147,7 @@ size_t util_replace_whitespace(const char *str, char *to, size_t len) {
+ to[j++] = '_';
+ is_space = false;
+ }
+- to[j++] = *p;
++ to[j++] = str[i];
+ }
+
+ to[j] = '\0';
+diff --git a/src/test/test-libudev.c b/src/test/test-libudev.c
+index 10bf365..09fd466 100644
+--- a/src/test/test-libudev.c
++++ b/src/test/test-libudev.c
+@@ -364,16 +364,23 @@ static void test_util_replace_whitespace(void) {
+ test_util_replace_whitespace_one_len("hoge hoge ", 1, "h");
+ test_util_replace_whitespace_one_len("hoge hoge ", 0, "");
+
+- test_util_replace_whitespace_one_len(" hoge hoge ", 9, "hoge_hoge");
+- test_util_replace_whitespace_one_len(" hoge hoge ", 8, "hoge_hog");
+- test_util_replace_whitespace_one_len(" hoge hoge ", 7, "hoge_ho");
+- test_util_replace_whitespace_one_len(" hoge hoge ", 6, "hoge_h");
+- test_util_replace_whitespace_one_len(" hoge hoge ", 5, "hoge");
+- test_util_replace_whitespace_one_len(" hoge hoge ", 4, "hoge");
+- test_util_replace_whitespace_one_len(" hoge hoge ", 3, "hog");
+- test_util_replace_whitespace_one_len(" hoge hoge ", 2, "ho");
+- test_util_replace_whitespace_one_len(" hoge hoge ", 1, "h");
+- test_util_replace_whitespace_one_len(" hoge hoge ", 0, "");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 16, "hoge_hoge");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 15, "hoge_hoge");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 14, "hoge_hog");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 13, "hoge_ho");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 12, "hoge_h");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 11, "hoge");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 10, "hoge");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 9, "hoge");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 8, "hoge");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 7, "hog");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 6, "ho");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 5, "h");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 4, "");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 3, "");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 2, "");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 1, "");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 0, "");
+ }
+
+ static void test_util_resolve_subsys_kernel_one(const char *str, bool read_value, int retval, const char *expected) {
diff --git a/debian/patches/logind-do-not-pass-negative-number-to-strerror.patch b/debian/patches/logind-do-not-pass-negative-number-to-strerror.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ed07a780f209bd2e01f7a51d84c28c16064969dd
--- /dev/null
+++ b/debian/patches/logind-do-not-pass-negative-number-to-strerror.patch
@@ -0,0 +1,23 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 9 Jan 2019 14:08:29 +0100
+Subject: logind: do not pass negative number to strerror
+
+(cherry picked from commit 65641b3cdc12923320879bac6f071eb45a70e79c)
+(cherry picked from commit 8f8f3191d33ca8583fe62a9e6268e2a914a7b2c0)
+---
+ src/login/logind-seat.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/login/logind-seat.c b/src/login/logind-seat.c
+index c758ffd..a6d88f8 100644
+--- a/src/login/logind-seat.c
++++ b/src/login/logind-seat.c
+@@ -376,7 +376,7 @@ int seat_read_active_vt(Seat *s) {
+
+ k = read(s->manager->console_active_fd, t, sizeof(t)-1);
+ if (k <= 0) {
+- log_error("Failed to read current console: %s", k < 0 ? strerror(-errno) : "EOF");
++ log_error("Failed to read current console: %s", k < 0 ? strerror(errno) : "EOF");
+ return k < 0 ? -errno : -EIO;
+ }
+
diff --git a/debian/patches/man-update-color-of-journal-logs-in-DEBUG-level.patch b/debian/patches/man-update-color-of-journal-logs-in-DEBUG-level.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f6429f358b8977ab97ff118a82c7376d64073602
--- /dev/null
+++ b/debian/patches/man-update-color-of-journal-logs-in-DEBUG-level.patch
@@ -0,0 +1,26 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Thu, 3 Jan 2019 06:21:17 +0900
+Subject: man: update color of journal logs in DEBUG level
+
+Fixes #11303.
+
+(cherry picked from commit 8a6d06cbaa794b1546d01a15dc5cdfde9f836101)
+---
+ man/journalctl.xml | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/man/journalctl.xml b/man/journalctl.xml
+index 58f3aa2..7ff0a47 100644
+--- a/man/journalctl.xml
++++ b/man/journalctl.xml
+@@ -118,8 +118,8 @@
+
+ <para>When outputting to a tty, lines are colored according to
+ priority: lines of level ERROR and higher are colored red; lines
+- of level NOTICE and higher are highlighted; other lines are
+- displayed normally.</para>
++ of level NOTICE and higher are highlighted; lines of level DEBUG
++ are colored lighter grey; other lines are displayed normally.</para>
+ </refsect1>
+
+ <refsect1>
diff --git a/debian/patches/meson-stop-setting-fPIE-globally.patch b/debian/patches/meson-stop-setting-fPIE-globally.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ae0eaa137019a1d08012bc72af503fe15ce234a5
--- /dev/null
+++ b/debian/patches/meson-stop-setting-fPIE-globally.patch
@@ -0,0 +1,43 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Thu, 10 Jan 2019 12:58:27 +0100
+Subject: meson: stop setting -fPIE globally
+
+Setting -fPIE globally can lead to miscompilations on certain
+architectures.
+This is caused by both -fPIE and -fPIC options being added to various
+compilation commands. Only -fPIC is being recorded in the LTO options
+section of the object. The gcc-8 LTO plugin merges -fPIC + -fPIE to
+nothing. So, the compilations done by the plugin are not
+position-independent and fail to link with -pie.
+
+The simplest solution is to stop setting -fPIE globally and instead
+using meson's b_pie=true option. This requires meson 0.49 or later.
+
+Since we don't set this option in meson.build but leave it up to the
+distro maintainer to set this option, do not bump the meson version
+requirement.
+
+Fixes: #10548
+(cherry picked from commit 4e4bbc439eb7f16a608f457d3eaac08c60633212)
+---
+ meson.build | 7 -------
+ 1 file changed, 7 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index b338886..e6b28e1 100644
+--- a/meson.build
++++ b/meson.build
+@@ -362,13 +362,6 @@ possible_link_flags = [
+ '-Wl,-z,now',
+ ]
+
+-# the oss-fuzz fuzzers are not built with -fPIE, so don't
+-# enable it when we are linking against them
+-if not fuzzer_build
+- possible_cc_flags += '-fPIE'
+- possible_link_flags += '-pie'
+-endif
+-
+ if cc.get_id() == 'clang'
+ possible_cc_flags += [
+ '-Wno-typedef-redefinition',
diff --git a/debian/patches/network-do-not-ignore-errors-on-link_request_set_neighbor.patch b/debian/patches/network-do-not-ignore-errors-on-link_request_set_neighbor.patch
new file mode 100644
index 0000000000000000000000000000000000000000..8fd65ed47d56fd26b21540f459cb507d482c2b58
--- /dev/null
+++ b/debian/patches/network-do-not-ignore-errors-on-link_request_set_neighbor.patch
@@ -0,0 +1,45 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 30 Dec 2018 22:07:23 +0900
+Subject: network: do not ignore errors on link_request_set_neighbors() and
+ link_set_routing_policy()
+
+(cherry picked from commit f3ef324dfa72ee1d0e113dbb234c643d8f0286f0)
+---
+ src/network/networkd-link.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index cadf7f8..589a016 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -866,7 +866,9 @@ static int link_request_set_routes(Link *link) {
+
+ link_set_state(link, LINK_STATE_CONFIGURING);
+
+- (void) link_set_routing_policy_rule(link);
++ r = link_set_routing_policy_rule(link);
++ if (r < 0)
++ return r;
+
+ /* First add the routes that enable us to talk to gateways, then add in the others that need a gateway. */
+ for (phase = 0; phase < _PHASE_MAX; phase++)
+@@ -1079,7 +1081,9 @@ static int link_request_set_addresses(Link *link) {
+
+ link_set_state(link, LINK_STATE_CONFIGURING);
+
+- link_request_set_neighbors(link);
++ r = link_request_set_neighbors(link);
++ if (r < 0)
++ return r;
+
+ LIST_FOREACH(addresses, ad, link->network->static_addresses) {
+ r = address_configure(ad, link, address_handler, false);
+@@ -1216,7 +1220,7 @@ static int link_request_set_addresses(Link *link) {
+
+ return 0;
+ }
+- }
++ }
+
+ log_link_debug(link, "Offering DHCPv4 leases");
+ }
diff --git a/debian/patches/network-rename-link_set_routing_policy_rule-to-link_reque.patch b/debian/patches/network-rename-link_set_routing_policy_rule-to-link_reque.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a0541e3ecff83fb0099dc8f99346db0e3aa8a460
--- /dev/null
+++ b/debian/patches/network-rename-link_set_routing_policy_rule-to-link_reque.patch
@@ -0,0 +1,34 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 30 Dec 2018 22:10:32 +0900
+Subject: network: rename link_set_routing_policy_rule() to
+ link_request_set_routing_policy_rule()
+
+For consistency to other functions.
+
+(cherry picked from commit 47079967e64727dd9271d2b033b5aa485209a7f7)
+---
+ src/network/networkd-link.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index 589a016..e529111 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -787,7 +787,7 @@ void link_check_ready(Link *link) {
+ return;
+ }
+
+-static int link_set_routing_policy_rule(Link *link) {
++static int link_request_set_routing_policy_rule(Link *link) {
+ RoutingPolicyRule *rule, *rrule = NULL;
+ int r;
+
+@@ -866,7 +866,7 @@ static int link_request_set_routes(Link *link) {
+
+ link_set_state(link, LINK_STATE_CONFIGURING);
+
+- r = link_set_routing_policy_rule(link);
++ r = link_request_set_routing_policy_rule(link);
+ if (r < 0)
+ return r;
+
diff --git a/debian/patches/network-set-_configured-flags-to-false-before-requesting-.patch b/debian/patches/network-set-_configured-flags-to-false-before-requesting-.patch
new file mode 100644
index 0000000000000000000000000000000000000000..eb45bdd625ed175cbd6d8f8c7bc9894d6acfdea7
--- /dev/null
+++ b/debian/patches/network-set-_configured-flags-to-false-before-requesting-.patch
@@ -0,0 +1,63 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 30 Dec 2018 22:08:10 +0900
+Subject: network: set *_configured flags to false before requesting addresses
+ or freinds
+
+Fixes #11272.
+
+(cherry picked from commit 2428613f854f46b6624199c2dc58d02617320133)
+---
+ src/network/networkd-link.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index e529111..5353b9d 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -794,6 +794,9 @@ static int link_request_set_routing_policy_rule(Link *link) {
+ assert(link);
+ assert(link->network);
+
++ link_set_state(link, LINK_STATE_CONFIGURING);
++ link->routing_policy_rules_configured = false;
++
+ LIST_FOREACH(rules, rule, link->network->rules) {
+ r = routing_policy_rule_get(link->manager, rule->family, &rule->from, rule->from_prefixlen, &rule->to,
+ rule->to_prefixlen, rule->tos, rule->fwmark, rule->table, rule->iif, rule->oif,
+@@ -865,6 +868,7 @@ static int link_request_set_routes(Link *link) {
+ assert(link->state != _LINK_STATE_INVALID);
+
+ link_set_state(link, LINK_STATE_CONFIGURING);
++ link->static_routes_configured = false;
+
+ r = link_request_set_routing_policy_rule(link);
+ if (r < 0)
+@@ -905,6 +909,7 @@ static int link_request_set_neighbors(Link *link) {
+ assert(link->state != _LINK_STATE_INVALID);
+
+ link_set_state(link, LINK_STATE_CONFIGURING);
++ link->neighbors_configured = false;
+
+ LIST_FOREACH(neighbors, neighbor, link->network->neighbors) {
+ r = neighbor_configure(neighbor, link, NULL);
+@@ -1075,12 +1080,18 @@ static int link_request_set_addresses(Link *link) {
+ assert(link->network);
+ assert(link->state != _LINK_STATE_INVALID);
+
++ link_set_state(link, LINK_STATE_CONFIGURING);
++
++ /* Reset all *_configured flags we are configuring. */
++ link->addresses_configured = false;
++ link->neighbors_configured = false;
++ link->static_routes_configured = false;
++ link->routing_policy_rules_configured = false;
++
+ r = link_set_bridge_fdb(link);
+ if (r < 0)
+ return r;
+
+- link_set_state(link, LINK_STATE_CONFIGURING);
+-
+ r = link_request_set_neighbors(link);
+ if (r < 0)
+ return r;
diff --git a/debian/patches/process-util-don-t-use-overly-large-buffer-to-store-proce.patch b/debian/patches/process-util-don-t-use-overly-large-buffer-to-store-proce.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2c3c5befa12034429f50ff9bdb84f8186663f730
--- /dev/null
+++ b/debian/patches/process-util-don-t-use-overly-large-buffer-to-store-proce.patch
@@ -0,0 +1,68 @@
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Tue, 22 Jan 2019 14:29:50 +0100
+Subject: process-util: don't use overly large buffer to store process command
+ line
+
+Allocate new string as a return value and free our "scratch pad"
+buffer that is potentially much larger than needed (up to
+_SC_ARG_MAX).
+
+Fixes #11502
+
+(cherry picked from commit eb1ec489eef8a32918bbfc56a268c9d10464584d)
+---
+ src/basic/process-util.c | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/src/basic/process-util.c b/src/basic/process-util.c
+index 31fdbd9..78ce43b 100644
+--- a/src/basic/process-util.c
++++ b/src/basic/process-util.c
+@@ -102,7 +102,8 @@ int get_process_comm(pid_t pid, char **ret) {
+ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char **line) {
+ _cleanup_fclose_ FILE *f = NULL;
+ bool space = false;
+- char *k, *ans = NULL;
++ char *k;
++ _cleanup_free_ char *ans = NULL;
+ const char *p;
+ int c;
+
+@@ -143,7 +144,7 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char *
+ if (!ans)
+ return -ENOMEM;
+
+- *line = ans;
++ *line = TAKE_PTR(ans);
+ return 0;
+
+ } else {
+@@ -208,7 +209,7 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char *
+ _cleanup_free_ char *t = NULL;
+ int h;
+
+- free(ans);
++ ans = mfree(ans);
+
+ if (!comm_fallback)
+ return -ENOENT;
+@@ -241,9 +242,18 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char *
+ if (!ans)
+ return -ENOMEM;
+ }
++
++ *line = TAKE_PTR(ans);
++ return 0;
+ }
+
+- *line = ans;
++ k = realloc(ans, strlen(ans) + 1);
++ if (!k)
++ return -ENOMEM;
++
++ ans = NULL;
++ *line = k;
++
+ return 0;
+ }
+
diff --git a/debian/patches/sd-device-fix-segfault-when-error-occurs-in-device_new_fr.patch b/debian/patches/sd-device-fix-segfault-when-error-occurs-in-device_new_fr.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a77ce18d30f1220961050c563e503ab82e42747e
--- /dev/null
+++ b/debian/patches/sd-device-fix-segfault-when-error-occurs-in-device_new_fr.patch
@@ -0,0 +1,33 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 23 Dec 2018 03:06:47 +0900
+Subject: sd-device: fix segfault when error occurs in
+ device_new_from_{nulstr,strv}()
+
+As devpath may not be set yet.
+
+When debug logging is enabled, log_device_*() calls
+sd_device_get_sysname(). So, we should not assume that devpath is always
+set.
+
+Fixes #11258.
+
+(cherry picked from commit 18fee12a2d489378a2a9b647db0d0eb8c43f5362)
+(cherry picked from commit 9ae73a6273461361eef7e83d48aadee111d6616e)
+---
+ src/libsystemd/sd-device/sd-device.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
+index db58615..9b1ef44 100644
+--- a/src/libsystemd/sd-device/sd-device.c
++++ b/src/libsystemd/sd-device/sd-device.c
+@@ -1002,6 +1002,9 @@ static int device_set_sysname(sd_device *device) {
+ const char *pos;
+ size_t len = 0;
+
++ if (!device->devpath)
++ return -EINVAL;
++
+ pos = strrchr(device->devpath, '/');
+ if (!pos)
+ return -EINVAL;
diff --git a/debian/patches/sd-device-monitor-fix-ordering-of-setting-buffer-size.patch b/debian/patches/sd-device-monitor-fix-ordering-of-setting-buffer-size.patch
new file mode 100644
index 0000000000000000000000000000000000000000..cfe5ee47edc821566ebe4c37fc61a0683101b971
--- /dev/null
+++ b/debian/patches/sd-device-monitor-fix-ordering-of-setting-buffer-size.patch
@@ -0,0 +1,44 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sat, 12 Jan 2019 05:24:54 +0900
+Subject: sd-device-monitor: fix ordering of setting buffer size
+
+By b1c097af8df58a94cba031a347061b7cb9b62d9b (#10239), the receive buffer
+size for uevents was set by SO_RCVBUF at first, and fallback to
+use SO_RCVBUFFORCE. So, as SO_RCVBUF limits to the buffer size
+net.core.rmem_max, which is usually much smaller than 128MB udevd requests,
+uevents buffer size was not sufficient.
+
+This fixes the ordering of the request: SO_RCVBUFFORCE first, and
+fallback to SO_RCVBUF. Then, udevd's uevent buffer size can be set to
+128MB.
+
+This also revert 903893237a2105b05671fe87b8f5d5e7417040d2.
+
+Fixes #11314 and #10754.
+
+(cherry picked from commit ee0b9e721a368742ac6fa9c3d9a33e45dc3203a2)
+---
+ src/libsystemd/sd-device/device-monitor.c | 10 ++--------
+ 1 file changed, 2 insertions(+), 8 deletions(-)
+
+diff --git a/src/libsystemd/sd-device/device-monitor.c b/src/libsystemd/sd-device/device-monitor.c
+index b869326..a6230d3 100644
+--- a/src/libsystemd/sd-device/device-monitor.c
++++ b/src/libsystemd/sd-device/device-monitor.c
+@@ -93,14 +93,8 @@ _public_ int sd_device_monitor_set_receive_buffer_size(sd_device_monitor *m, siz
+ assert_return(m, -EINVAL);
+ assert_return((size_t) n == size, -EINVAL);
+
+- if (m->bound)
+- return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
+- "sd-device-monitor: Socket fd is already bound. "
+- "It may be dangerous to change buffer size. "
+- "Refusing to change buffer size.");
+-
+- if (setsockopt_int(m->sock, SOL_SOCKET, SO_RCVBUF, n) < 0) {
+- r = setsockopt_int(m->sock, SOL_SOCKET, SO_RCVBUFFORCE, n);
++ if (setsockopt_int(m->sock, SOL_SOCKET, SO_RCVBUFFORCE, n) < 0) {
++ r = setsockopt_int(m->sock, SOL_SOCKET, SO_RCVBUF, n);
+ if (r < 0)
+ return r;
+ }
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000000000000000000000000000000000000..9a7e241da310dc48c88dab40ee4fe90bac74a9e3
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,60 @@
+Do-not-start-server-if-it-is-already-runnning-11245.patch
+core-free-lines-after-reading-them.patch
+switch-root-fix-error-message.patch
+udev-event-do-not-read-stdout-or-stderr-if-the-pipefd-is-.patch
+ask-password-api-do-not-call-ask_password_keyring-if-keyn.patch
+Docs-Add-Missing-Space-Between-Words.patch
+test-json-check-absolute-and-relative-difference-in-float.patch
+Pass-separate-dev_t-var-to-device_path_parse_major_minor.patch
+libudev-util-make-util_replace_whitespace-read-only-len-c.patch
+sd-device-fix-segfault-when-error-occurs-in-device_new_fr.patch
+Revert-sd-device-ignore-bind-unbind-events-for-now.patch
+Revert-udevd-configure-a-child-process-name-for-worker-pr.patch
+test-add-test-for-sending-receiving-an-invalid-device.patch
+journal-rely-on-_cleanup_free_-to-free-a-temporary-string.patch
+Revert-pam_systemd-drop-setting-DBUS_SESSION_BUS_ADDRESS.patch
+udev-rework-how-we-handle-the-return-value-from-spawned-p.patch
+json-handle-NULL-explicitly-in-json_variant_has_type.patch
+udev-node-make-link_find_prioritized-return-negative-valu.patch
+core-mount-make-mount_setup_existing_unit-not-drop-MOUNT_.patch
+coredump-remove-duplicate-MESSAGE-prefix-from-message.patch
+journald-remove-unnecessary.patch
+journald-do-not-store-the-iovec-entry-for-process-command.patch
+basic-process-util-limit-command-line-lengths-to-_SC_ARG_.patch
+coredump-fix-message-when-we-fail-to-save-a-journald-core.patch
+journald-set-a-limit-on-the-number-of-fields-1k.patch
+journald-when-processing-a-native-message-bail-more-quick.patch
+journald-lower-the-maximum-entry-size-limit-to-for-non-se.patch
+httpd-use-a-cleanup-function-to-call-MHD_destroy_response.patch
+journal-remote-verify-entry-length-from-header.patch
+journal-remote-set-a-limit-on-the-number-of-fields-in-a-m.patch
+logind-do-not-pass-negative-number-to-strerror.patch
+udevd-drop-redundant-call-to-sd_event_get_exit_code.patch
+udev-open-control-and-netlink-sockets-before-daemonizatio.patch
+Revert-logind-become-the-controlling-terminal-process-bef.patch
+udevadm-refuse-to-run-trigger-control-settle-and-monitor-.patch
+network-do-not-ignore-errors-on-link_request_set_neighbor.patch
+network-rename-link_set_routing_policy_rule-to-link_reque.patch
+network-set-_configured-flags-to-false-before-requesting-.patch
+man-update-color-of-journal-logs-in-DEBUG-level.patch
+sd-device-monitor-fix-ordering-of-setting-buffer-size.patch
+meson-stop-setting-fPIE-globally.patch
+Revert-Always-rename-an-interface-to-its-name-specified-i.patch
+process-util-don-t-use-overly-large-buffer-to-store-proce.patch
+debian/Use-Debian-specific-config-files.patch
+debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch
+debian/Make-run-lock-tmpfs-an-API-fs.patch
+debian/Revert-udev-network-device-renaming-immediately-give.patch
+debian/Add-support-for-TuxOnIce-hibernation.patch
+debian/Re-enable-journal-forwarding-to-syslog.patch
+debian/Don-t-enable-audit-by-default.patch
+debian/Only-start-logind-if-dbus-is-installed.patch
+debian/fsckd-daemon-for-inter-fsckd-communication.patch
+debian/Skip-filesystem-check-if-already-done-by-the-initram.patch
+debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch
+debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch
+debian/Revert-core-enable-TasksMax-for-all-services-by-default-a.patch
+debian/Let-graphical-session-pre.target-be-manually-started.patch
+debian/Add-env-variable-for-machine-ID-path.patch
+debian/Revert-udev-rules-Permission-changes-for-dev-dri-renderD.patch
+debian/Drop-seccomp-system-call-filter-for-udev.patch
diff --git a/debian/patches/switch-root-fix-error-message.patch b/debian/patches/switch-root-fix-error-message.patch
new file mode 100644
index 0000000000000000000000000000000000000000..75d1301b60b50b34d441d626a11b1f884bb0a56a
--- /dev/null
+++ b/debian/patches/switch-root-fix-error-message.patch
@@ -0,0 +1,25 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Tue, 25 Dec 2018 13:10:18 +0900
+Subject: switch-root: fix error message
+
+Fixes #11261.
+
+(cherry picked from commit a5c67ccc575e6ebf12710cb7df84f65a51c5dc58)
+(cherry picked from commit ebcd154e1df434865d2752efdccbc7737bb28029)
+---
+ src/shared/switch-root.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/shared/switch-root.c b/src/shared/switch-root.c
+index ee31c44..dbb4622 100644
+--- a/src/shared/switch-root.c
++++ b/src/shared/switch-root.c
+@@ -83,7 +83,7 @@ int switch_root(const char *new_root,
+ (void) mkdir_p_label(chased, 0755);
+
+ if (mount(i, chased, NULL, mount_flags, NULL) < 0)
+- return log_error_errno(r, "Failed to mount %s to %s: %m", i, chased);
++ return log_error_errno(errno, "Failed to mount %s to %s: %m", i, chased);
+ }
+
+ /* Do not fail if base_filesystem_create() fails. Not all switch roots are like base_filesystem_create() wants
diff --git a/debian/patches/test-add-test-for-sending-receiving-an-invalid-device.patch b/debian/patches/test-add-test-for-sending-receiving-an-invalid-device.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c0cc4365dd6b069afacf1401669f35c298dc4903
--- /dev/null
+++ b/debian/patches/test-add-test-for-sending-receiving-an-invalid-device.patch
@@ -0,0 +1,132 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 23 Dec 2018 03:28:28 +0900
+Subject: test: add test for sending/receiving an invalid device
+
+(cherry picked from commit 4fe0caadc85431118f2d8aea7570307cfc2aed27)
+(cherry picked from commit c2a11194c33de9bc7545a7c4df3fda5b90f02a50)
+---
+ src/libsystemd/sd-device/test-sd-device-monitor.c | 81 +++++++++++++++--------
+ 1 file changed, 54 insertions(+), 27 deletions(-)
+
+diff --git a/src/libsystemd/sd-device/test-sd-device-monitor.c b/src/libsystemd/sd-device/test-sd-device-monitor.c
+index 9e5ca11..48b49fb 100644
+--- a/src/libsystemd/sd-device/test-sd-device-monitor.c
++++ b/src/libsystemd/sd-device/test-sd-device-monitor.c
+@@ -24,11 +24,43 @@ static int monitor_handler(sd_device_monitor *m, sd_device *d, void *userdata) {
+ return sd_event_exit(sd_device_monitor_get_event(m), 0);
+ }
+
+-static int test_send_receive_one(sd_device *device, bool subsystem_filter, bool tag_filter, bool use_bpf) {
++static int test_receive_device_fail(void) {
+ _cleanup_(sd_device_monitor_unrefp) sd_device_monitor *monitor_server = NULL, *monitor_client = NULL;
+- const char *syspath, *subsystem, *tag, *devtype = NULL;
++ _cleanup_(sd_device_unrefp) sd_device *loopback = NULL;
++ const char *syspath;
+ int r;
+
++ log_info("/* %s */", __func__);
++
++ /* Try to send device with invalid action and without seqnum. */
++ assert_se(sd_device_new_from_syspath(&loopback, "/sys/class/net/lo") >= 0);
++ assert_se(device_add_property(loopback, "ACTION", "hoge") >= 0);
++
++ assert_se(sd_device_get_syspath(loopback, &syspath) >= 0);
++
++ assert_se(device_monitor_new_full(&monitor_server, MONITOR_GROUP_NONE, -1) >= 0);
++ assert_se(sd_device_monitor_start(monitor_server, NULL, NULL) >= 0);
++ assert_se(sd_event_source_set_description(sd_device_monitor_get_event_source(monitor_server), "sender") >= 0);
++
++ assert_se(device_monitor_new_full(&monitor_client, MONITOR_GROUP_NONE, -1) >= 0);
++ assert_se(device_monitor_allow_unicast_sender(monitor_client, monitor_server) >= 0);
++ assert_se(sd_device_monitor_start(monitor_client, monitor_handler, (void *) syspath) >= 0);
++ assert_se(sd_event_source_set_description(sd_device_monitor_get_event_source(monitor_client), "receiver") >= 0);
++
++ /* Do not use assert_se() here. */
++ r = device_monitor_send_device(monitor_server, monitor_client, loopback);
++ if (r < 0)
++ return log_error_errno(r, "Failed to send loopback device: %m");
++
++ assert_se(sd_event_run(sd_device_monitor_get_event(monitor_client), 0) >= 0);
++
++ return 0;
++}
++
++static void test_send_receive_one(sd_device *device, bool subsystem_filter, bool tag_filter, bool use_bpf) {
++ _cleanup_(sd_device_monitor_unrefp) sd_device_monitor *monitor_server = NULL, *monitor_client = NULL;
++ const char *syspath, *subsystem, *tag, *devtype = NULL;
++
+ log_device_info(device, "/* %s(subsystem_filter=%s, tag_filter=%s, use_bpf=%s) */", __func__,
+ true_false(subsystem_filter), true_false(tag_filter), true_false(use_bpf));
+
+@@ -56,14 +88,8 @@ static int test_send_receive_one(sd_device *device, bool subsystem_filter, bool
+ if ((subsystem_filter || tag_filter) && use_bpf)
+ assert_se(sd_device_monitor_filter_update(monitor_client) >= 0);
+
+- /* Do not use assert_se() here. */
+- r = device_monitor_send_device(monitor_server, monitor_client, device);
+- if (r < 0)
+- return log_error_errno(r, "Failed to send loopback device: %m");
+-
++ assert_se(device_monitor_send_device(monitor_server, monitor_client, device) >= 0);
+ assert_se(sd_event_loop(sd_device_monitor_get_event(monitor_client)) == 0);
+-
+- return 0;
+ }
+
+ static void test_subsystem_filter(sd_device *device) {
+@@ -111,22 +137,23 @@ int main(int argc, char *argv[]) {
+ if (getuid() != 0)
+ return log_tests_skipped("not root");
+
+- assert_se(sd_device_new_from_syspath(&loopback, "/sys/class/net/lo") >= 0);
+- assert_se(device_add_property(loopback, "ACTION", "add") >= 0);
+- assert_se(device_add_property(loopback, "SEQNUM", "10") >= 0);
+-
+- r = test_send_receive_one(loopback, false, false, false);
++ r = test_receive_device_fail();
+ if (r < 0) {
+ assert_se(r == -EPERM && detect_container() > 0);
+ return log_tests_skipped("Running in container? Skipping remaining tests");
+ }
+
+- assert_se(test_send_receive_one(loopback, true, false, false) >= 0);
+- assert_se(test_send_receive_one(loopback, false, true, false) >= 0);
+- assert_se(test_send_receive_one(loopback, true, true, false) >= 0);
+- assert_se(test_send_receive_one(loopback, true, false, true) >= 0);
+- assert_se(test_send_receive_one(loopback, false, true, true) >= 0);
+- assert_se(test_send_receive_one(loopback, true, true, true) >= 0);
++ assert_se(sd_device_new_from_syspath(&loopback, "/sys/class/net/lo") >= 0);
++ assert_se(device_add_property(loopback, "ACTION", "add") >= 0);
++ assert_se(device_add_property(loopback, "SEQNUM", "10") >= 0);
++
++ test_send_receive_one(loopback, false, false, false);
++ test_send_receive_one(loopback, true, false, false);
++ test_send_receive_one(loopback, false, true, false);
++ test_send_receive_one(loopback, true, true, false);
++ test_send_receive_one(loopback, true, false, true);
++ test_send_receive_one(loopback, false, true, true);
++ test_send_receive_one(loopback, true, true, true);
+
+ test_subsystem_filter(loopback);
+
+@@ -139,13 +166,13 @@ int main(int argc, char *argv[]) {
+ assert_se(device_add_property(sda, "ACTION", "change") >= 0);
+ assert_se(device_add_property(sda, "SEQNUM", "11") >= 0);
+
+- assert_se(test_send_receive_one(sda, false, false, false) >= 0);
+- assert_se(test_send_receive_one(sda, true, false, false) >= 0);
+- assert_se(test_send_receive_one(sda, false, true, false) >= 0);
+- assert_se(test_send_receive_one(sda, true, true, false) >= 0);
+- assert_se(test_send_receive_one(sda, true, false, true) >= 0);
+- assert_se(test_send_receive_one(sda, false, true, true) >= 0);
+- assert_se(test_send_receive_one(sda, true, true, true) >= 0);
++ test_send_receive_one(sda, false, false, false);
++ test_send_receive_one(sda, true, false, false);
++ test_send_receive_one(sda, false, true, false);
++ test_send_receive_one(sda, true, true, false);
++ test_send_receive_one(sda, true, false, true);
++ test_send_receive_one(sda, false, true, true);
++ test_send_receive_one(sda, true, true, true);
+
+ return 0;
+ }
diff --git a/debian/patches/test-json-check-absolute-and-relative-difference-in-float.patch b/debian/patches/test-json-check-absolute-and-relative-difference-in-float.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d083a9b54b30f62c4be211314fac4a1bda6f8264
--- /dev/null
+++ b/debian/patches/test-json-check-absolute-and-relative-difference-in-float.patch
@@ -0,0 +1,54 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 21 Dec 2018 22:49:53 +0100
+Subject: test-json: check absolute and relative difference in floating point
+ test
+
+The test fails under valgrind, so there was an exception for valgrind.
+Unfortunately that check only works when valgrind-devel headers are
+available during build. But it is possible to have just valgrind installed,
+or simply install it after the build, and then "valgrind test-json" would
+fail.
+
+It also seems that even without valgrind, this fails on some arm32 CPUs.
+Let's do the usual-style test for absolute and relative differences.
+
+(cherry picked from commit aa70783f55b369521b94e0985e84bbdaae16b174)
+(cherry picked from commit 88938bf95b850849d075d7a6ebe37bb1d9780efe)
+---
+ src/test/test-json.c | 16 +++++++---------
+ 1 file changed, 7 insertions(+), 9 deletions(-)
+
+diff --git a/src/test/test-json.c b/src/test/test-json.c
+index 5aa4d19..cd6269f 100644
+--- a/src/test/test-json.c
++++ b/src/test/test-json.c
+@@ -1,9 +1,6 @@
+ /* SPDX-License-Identifier: LGPL-2.1+ */
+
+ #include <math.h>
+-#if HAVE_VALGRIND_VALGRIND_H
+-#include <valgrind/valgrind.h>
+-#endif
+
+ #include "alloc-util.h"
+ #include "fd-util.h"
+@@ -45,12 +42,13 @@ static void test_tokenizer(const char *data, ...) {
+
+ d = va_arg(ap, long double);
+
+-#if HAVE_VALGRIND_VALGRIND_H
+- if (!RUNNING_ON_VALGRIND)
+-#endif
+- /* Valgrind doesn't support long double calculations and automatically downgrades to 80bit:
+- * http://www.valgrind.org/docs/manual/manual-core.html#manual-core.limits */
+- assert_se(fabsl(d - v.real) < 0.001L);
++ /* Valgrind doesn't support long double calculations and automatically downgrades to 80bit:
++ * http://www.valgrind.org/docs/manual/manual-core.html#manual-core.limits.
++ * Some architectures might not support long double either.
++ */
++
++ assert_se(fabsl(d - v.real) < 1e-10 ||
++ fabsl((d - v.real) / v.real) < 1e-10);
+
+ } else if (t == JSON_TOKEN_INTEGER) {
+ intmax_t i;
diff --git a/debian/patches/udev-event-do-not-read-stdout-or-stderr-if-the-pipefd-is-.patch b/debian/patches/udev-event-do-not-read-stdout-or-stderr-if-the-pipefd-is-.patch
new file mode 100644
index 0000000000000000000000000000000000000000..3ea72f4212b956fed798afb955792b322b0f97cc
--- /dev/null
+++ b/debian/patches/udev-event-do-not-read-stdout-or-stderr-if-the-pipefd-is-.patch
@@ -0,0 +1,41 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Wed, 26 Dec 2018 00:36:55 +0900
+Subject: udev-event: do not read stdout or stderr if the pipefd is not
+ created
+
+Fixes #11255.
+
+(cherry picked from commit adeb26c1affd09138bb96a9e25b795d146e64c97)
+(cherry picked from commit 32a11a27b69031240beea38260d93e034ea33036)
+---
+ src/udev/udev-event.c | 16 ++++++++++------
+ 1 file changed, 10 insertions(+), 6 deletions(-)
+
+diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c
+index e28d6a5..3e91697 100644
+--- a/src/udev/udev-event.c
++++ b/src/udev/udev-event.c
+@@ -570,13 +570,17 @@ static int spawn_wait(Spawn *spawn) {
+ }
+ }
+
+- r = sd_event_add_io(e, NULL, spawn->fd_stdout, EPOLLIN, on_spawn_io, spawn);
+- if (r < 0)
+- return r;
++ if (spawn->fd_stdout >= 0) {
++ r = sd_event_add_io(e, NULL, spawn->fd_stdout, EPOLLIN, on_spawn_io, spawn);
++ if (r < 0)
++ return r;
++ }
+
+- r = sd_event_add_io(e, NULL, spawn->fd_stderr, EPOLLIN, on_spawn_io, spawn);
+- if (r < 0)
+- return r;
++ if (spawn->fd_stderr >= 0) {
++ r = sd_event_add_io(e, NULL, spawn->fd_stderr, EPOLLIN, on_spawn_io, spawn);
++ if (r < 0)
++ return r;
++ }
+
+ r = sd_event_add_child(e, NULL, spawn->pid, WEXITED, on_spawn_sigchld, spawn);
+ if (r < 0)
diff --git a/debian/patches/udev-node-make-link_find_prioritized-return-negative-valu.patch b/debian/patches/udev-node-make-link_find_prioritized-return-negative-valu.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d8f5bf5e1599487c289902182f61c102782cabcc
--- /dev/null
+++ b/debian/patches/udev-node-make-link_find_prioritized-return-negative-valu.patch
@@ -0,0 +1,29 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Wed, 9 Jan 2019 02:46:03 +0900
+Subject: udev-node: make link_find_prioritized() return negative value when
+ nothing found
+
+Fixes a bug introduced by a2554acec652fc65c8ed0c6c1fede9ba8c3693b1.
+
+Fixes RHBZ#1662303.
+
+(cherry picked from commit 82d9ac23fd5ab2befe2a95187640a8d38799dd64)
+(cherry picked from commit f665fe3e2e74548a2a236f3b7635227621aa568a)
+---
+ src/udev/udev-node.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
+index c11eb8c..c77010c 100644
+--- a/src/udev/udev-node.c
++++ b/src/udev/udev-node.c
+@@ -181,6 +181,9 @@ static int link_find_prioritized(sd_device *dev, bool add, const char *stackdir,
+ priority = db_prio;
+ }
+
++ if (!target)
++ return -ENOENT;
++
+ *ret = TAKE_PTR(target);
+ return 0;
+ }
diff --git a/debian/patches/udev-open-control-and-netlink-sockets-before-daemonizatio.patch b/debian/patches/udev-open-control-and-netlink-sockets-before-daemonizatio.patch
new file mode 100644
index 0000000000000000000000000000000000000000..61d789fdd54bff2633f73893753858b6017b471c
--- /dev/null
+++ b/debian/patches/udev-open-control-and-netlink-sockets-before-daemonizatio.patch
@@ -0,0 +1,171 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 8 Jan 2019 22:41:16 +0100
+Subject: udev: open control and netlink sockets before daemonization
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+c4b69e990f962128cc6975e36e91e9ad838fa2c4 effectively moved the initalization of socket.
+Before that commit:
+run → listen_fds → udev_ctrl_new → udev_ctrl_new_from_fd → socket()
+After:
+run → main_loop → manager_new → udev_ctrl_new_from_fd → socket()
+
+The problem is that main_loop was called after daemonization. Move manager_new
+out of main_loop and before daemonization.
+
+Fixes #11314 (hopefully ;)).
+
+v2: Yu Watanabe
+sd_event is initialized in main_loop().
+
+(cherry picked from commit b5af8c8cdf5fc7cc5d4108460270728375eb7fc4)
+(cherry picked from commit 6b59b44b87568fe5f8362018f47d440b1e6681dd)
+---
+ src/udev/udevd.c | 67 ++++++++++++++++++++++++++++----------------------------
+ 1 file changed, 34 insertions(+), 33 deletions(-)
+
+diff --git a/src/udev/udevd.c b/src/udev/udevd.c
+index 6938d81..a1050a7 100644
+--- a/src/udev/udevd.c
++++ b/src/udev/udevd.c
+@@ -1590,7 +1590,7 @@ static int parse_argv(int argc, char *argv[]) {
+
+ static int manager_new(Manager **ret, int fd_ctrl, int fd_uevent, const char *cgroup) {
+ _cleanup_(manager_freep) Manager *manager = NULL;
+- int r, fd_worker;
++ int r;
+
+ assert(ret);
+
+@@ -1604,25 +1604,13 @@ static int manager_new(Manager **ret, int fd_ctrl, int fd_uevent, const char *cg
+ .cgroup = cgroup,
+ };
+
+- udev_builtin_init();
+-
+- r = udev_rules_new(&manager->rules, arg_resolve_name_timing);
+- if (!manager->rules)
+- return log_error_errno(r, "Failed to read udev rules: %m");
+-
+ manager->ctrl = udev_ctrl_new_from_fd(fd_ctrl);
+ if (!manager->ctrl)
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initialize udev control socket");
+
+- if (fd_ctrl < 0) {
+- r = udev_ctrl_enable_receiving(manager->ctrl);
+- if (r < 0)
+- return log_error_errno(r, "Failed to bind udev control socket: %m");
+- }
+-
+- fd_ctrl = udev_ctrl_get_fd(manager->ctrl);
+- if (fd_ctrl < 0)
+- return log_error_errno(fd_ctrl, "Failed to get udev control socket fd: %m");
++ r = udev_ctrl_enable_receiving(manager->ctrl);
++ if (r < 0)
++ return log_error_errno(r, "Failed to bind udev control socket: %m");
+
+ r = device_monitor_new_full(&manager->monitor, MONITOR_GROUP_KERNEL, fd_uevent);
+ if (r < 0)
+@@ -1630,6 +1618,18 @@ static int manager_new(Manager **ret, int fd_ctrl, int fd_uevent, const char *cg
+
+ (void) sd_device_monitor_set_receive_buffer_size(manager->monitor, 128 * 1024 * 1024);
+
++ r = device_monitor_enable_receiving(manager->monitor);
++ if (r < 0)
++ return log_error_errno(r, "Failed to bind netlink socket: %m");
++
++ *ret = TAKE_PTR(manager);
++
++ return 0;
++}
++
++static int main_loop(Manager *manager) {
++ int fd_worker, fd_ctrl, r;
++
+ /* unnamed socket from workers to the main daemon */
+ r = socketpair(AF_LOCAL, SOCK_DGRAM|SOCK_CLOEXEC, 0, manager->worker_watch);
+ if (r < 0)
+@@ -1675,6 +1675,10 @@ static int manager_new(Manager **ret, int fd_ctrl, int fd_uevent, const char *cg
+ if (r < 0)
+ return log_error_errno(r, "Failed to create watchdog event source: %m");
+
++ fd_ctrl = udev_ctrl_get_fd(manager->ctrl);
++ if (fd_ctrl < 0)
++ return log_error_errno(fd_ctrl, "Failed to get udev control socket fd: %m");
++
+ r = sd_event_add_io(manager->event, &manager->ctrl_event, fd_ctrl, EPOLLIN, on_ctrl_msg, manager);
+ if (r < 0)
+ return log_error_errno(r, "Failed to create udev control event source: %m");
+@@ -1709,20 +1713,11 @@ static int manager_new(Manager **ret, int fd_ctrl, int fd_uevent, const char *cg
+ if (r < 0)
+ return log_error_errno(r, "Failed to create post event source: %m");
+
+- *ret = TAKE_PTR(manager);
+-
+- return 0;
+-}
+-
+-static int main_loop(int fd_ctrl, int fd_uevent, const char *cgroup) {
+- _cleanup_(manager_freep) Manager *manager = NULL;
+- int r;
++ udev_builtin_init();
+
+- r = manager_new(&manager, fd_ctrl, fd_uevent, cgroup);
+- if (r < 0) {
+- r = log_error_errno(r, "Failed to allocate manager object: %m");
+- goto exit;
+- }
++ r = udev_rules_new(&manager->rules, arg_resolve_name_timing);
++ if (!manager->rules)
++ return log_error_errno(r, "Failed to read udev rules: %m");
+
+ r = udev_rules_apply_static_dev_perms(manager->rules);
+ if (r < 0)
+@@ -1739,13 +1734,12 @@ static int main_loop(int fd_ctrl, int fd_uevent, const char *cgroup) {
+ sd_notify(false,
+ "STOPPING=1\n"
+ "STATUS=Shutting down...");
+- if (manager)
+- udev_ctrl_cleanup(manager->ctrl);
+ return r;
+ }
+
+ static int run(int argc, char *argv[]) {
+ _cleanup_free_ char *cgroup = NULL;
++ _cleanup_(manager_freep) Manager *manager = NULL;
+ int fd_ctrl = -1, fd_uevent = -1;
+ int r;
+
+@@ -1822,10 +1816,14 @@ static int run(int argc, char *argv[]) {
+ if (r < 0)
+ return log_error_errno(r, "Failed to listen on fds: %m");
+
++ r = manager_new(&manager, fd_ctrl, fd_uevent, cgroup);
++ if (r < 0)
++ return log_error_errno(r, "Failed to create manager: %m");
++
+ if (arg_daemonize) {
+ pid_t pid;
+
+- log_info("starting version " PACKAGE_VERSION);
++ log_info("Starting version " PACKAGE_VERSION);
+
+ /* connect /dev/null to stdin, stdout, stderr */
+ if (log_get_max_level() < LOG_DEBUG) {
+@@ -1849,7 +1847,10 @@ static int run(int argc, char *argv[]) {
+ log_debug_errno(r, "Failed to adjust OOM score, ignoring: %m");
+ }
+
+- return main_loop(fd_ctrl, fd_uevent, cgroup);
++ r = main_loop(manager);
++ /* FIXME: move this into manager_free() */
++ udev_ctrl_cleanup(manager->ctrl);
++ return r;
+ }
+
+ DEFINE_MAIN_FUNCTION(run);
diff --git a/debian/patches/udev-rework-how-we-handle-the-return-value-from-spawned-p.patch b/debian/patches/udev-rework-how-we-handle-the-return-value-from-spawned-p.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9993cbf6b7404b469fe77ef08b9e6be848759c7f
--- /dev/null
+++ b/debian/patches/udev-rework-how-we-handle-the-return-value-from-spawned-p.patch
@@ -0,0 +1,151 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sun, 6 Jan 2019 22:17:00 +0100
+Subject: udev: rework how we handle the return value from spawned programs
+
+When running PROGRAM="...", we would log
+systemd-udevd[447]: Failed to wait spawned command '...': Input/output error
+no matter why the program actually failed, at error level.
+
+The code wouldn't distinguish between an internal failure and a failure in the
+program being called and run sd_event_exit(..., -EIO) on any kind of error. EIO
+is rather misleading here, becuase it suggests a serious error.
+
+on_spawn_sigchld is updated to set the return code to distinguish failure to
+spawn, including the program being killed by a signal (a negative return value),
+and the program failing (positive return value).
+
+The logging levels are adjusted, so that for PROGRAM= calls, which are
+essentially "if" statements, we only log at debug level (unless we get a
+timeout or segfault or another unexpected error).
+
+(cherry picked from commit a75211421fc9366068e6d9446e8e567246c72feb)
+(cherry picked from commit 5862f1730af205e2b95349b477aeed25b2f3e3b8)
+---
+ src/udev/udev-event.c | 38 +++++++++++++-------------------------
+ src/udev/udev-rules.c | 12 +++++++-----
+ 2 files changed, 20 insertions(+), 30 deletions(-)
+
+diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c
+index 3e91697..07b7365 100644
+--- a/src/udev/udev-event.c
++++ b/src/udev/udev-event.c
+@@ -504,38 +504,34 @@ static int on_spawn_timeout_warning(sd_event_source *s, uint64_t usec, void *use
+
+ static int on_spawn_sigchld(sd_event_source *s, const siginfo_t *si, void *userdata) {
+ Spawn *spawn = userdata;
++ int ret = -EIO;
+
+ assert(spawn);
+
+ switch (si->si_code) {
+ case CLD_EXITED:
+- if (si->si_status == 0) {
++ if (si->si_status == 0)
+ log_debug("Process '%s' succeeded.", spawn->cmd);
+- sd_event_exit(sd_event_source_get_event(s), 0);
+-
+- return 1;
+- }
+-
+- log_full(spawn->accept_failure ? LOG_DEBUG : LOG_WARNING,
+- "Process '%s' failed with exit code %i.", spawn->cmd, si->si_status);
++ else
++ log_full(spawn->accept_failure ? LOG_DEBUG : LOG_WARNING,
++ "Process '%s' failed with exit code %i.", spawn->cmd, si->si_status);
++ ret = si->si_status;
+ break;
+ case CLD_KILLED:
+ case CLD_DUMPED:
+- log_warning("Process '%s' terminated by signal %s.", spawn->cmd, signal_to_string(si->si_status));
+-
++ log_error("Process '%s' terminated by signal %s.", spawn->cmd, signal_to_string(si->si_status));
+ break;
+ default:
+ log_error("Process '%s' failed due to unknown reason.", spawn->cmd);
+ }
+
+- sd_event_exit(sd_event_source_get_event(s), -EIO);
+-
++ sd_event_exit(sd_event_source_get_event(s), ret);
+ return 1;
+ }
+
+ static int spawn_wait(Spawn *spawn) {
+ _cleanup_(sd_event_unrefp) sd_event *e = NULL;
+- int r, ret;
++ int r;
+
+ assert(spawn);
+
+@@ -586,15 +582,7 @@ static int spawn_wait(Spawn *spawn) {
+ if (r < 0)
+ return r;
+
+- r = sd_event_loop(e);
+- if (r < 0)
+- return r;
+-
+- r = sd_event_get_exit_code(e, &ret);
+- if (r < 0)
+- return r;
+-
+- return ret;
++ return sd_event_loop(e);
+ }
+
+ int udev_event_spawn(UdevEvent *event,
+@@ -679,12 +667,12 @@ int udev_event_spawn(UdevEvent *event,
+ };
+ r = spawn_wait(&spawn);
+ if (r < 0)
+- return log_error_errno(r, "Failed to wait spawned command '%s': %m", cmd);
++ return log_error_errno(r, "Failed to wait for spawned command '%s': %m", cmd);
+
+ if (result)
+ result[spawn.result_len] = '\0';
+
+- return r;
++ return r; /* 0 for success, and positive if the program failed */
+ }
+
+ static int rename_netif(UdevEvent *event) {
+@@ -899,7 +887,7 @@ void udev_event_execute_run(UdevEvent *event, usec_t timeout_usec) {
+ (void) usleep(event->exec_delay_usec);
+ }
+
+- udev_event_spawn(event, timeout_usec, false, command, NULL, 0);
++ (void) udev_event_spawn(event, timeout_usec, false, command, NULL, 0);
+ }
+ }
+ }
+diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c
+index 53c68d2..f697972 100644
+--- a/src/udev/udev-rules.c
++++ b/src/udev/udev-rules.c
+@@ -645,11 +645,13 @@ static int import_program_into_properties(UdevEvent *event,
+ const char *program) {
+ char result[UTIL_LINE_SIZE];
+ char *line;
+- int err;
++ int r;
+
+- err = udev_event_spawn(event, timeout_usec, true, program, result, sizeof(result));
+- if (err < 0)
+- return err;
++ r = udev_event_spawn(event, timeout_usec, false, program, result, sizeof result);
++ if (r < 0)
++ return r;
++ if (r > 0)
++ return -EIO;
+
+ line = result;
+ while (line) {
+@@ -1959,7 +1961,7 @@ int udev_rules_apply_to_event(
+ rules_str(rules, rule->rule.filename_off),
+ rule->rule.filename_line);
+
+- if (udev_event_spawn(event, timeout_usec, true, program, result, sizeof(result)) < 0) {
++ if (udev_event_spawn(event, timeout_usec, true, program, result, sizeof(result)) != 0) {
+ if (cur->key.op != OP_NOMATCH)
+ goto nomatch;
+ } else {
diff --git a/debian/patches/udevadm-refuse-to-run-trigger-control-settle-and-monitor-.patch b/debian/patches/udevadm-refuse-to-run-trigger-control-settle-and-monitor-.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d63dae5a6a0a0ac63c9409ed79e1ba7cc3ab4da2
--- /dev/null
+++ b/debian/patches/udevadm-refuse-to-run-trigger-control-settle-and-monitor-.patch
@@ -0,0 +1,111 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Mon, 7 Jan 2019 14:30:55 +0900
+Subject: udevadm: refuse to run trigger, control,
+ settle and monitor commands in chroot
+
+Closes #11333.
+
+(cherry picked from commit c494b739a47359ab2697482f52545e2a6d1c86ad)
+---
+ src/udev/udevadm-control.c | 6 ++++++
+ src/udev/udevadm-monitor.c | 6 ++++++
+ src/udev/udevadm-settle.c | 6 ++++++
+ src/udev/udevadm-trigger.c | 6 ++++++
+ 4 files changed, 24 insertions(+)
+
+diff --git a/src/udev/udevadm-control.c b/src/udev/udevadm-control.c
+index d932041..cb9b4cc 100644
+--- a/src/udev/udevadm-control.c
++++ b/src/udev/udevadm-control.c
+@@ -26,6 +26,7 @@
+ #include "udevadm.h"
+ #include "udev-ctrl.h"
+ #include "util.h"
++#include "virt.h"
+
+ static int help(void) {
+ printf("%s control OPTION\n\n"
+@@ -70,6 +71,11 @@ int control_main(int argc, char *argv[], void *userdata) {
+ if (r < 0)
+ return r;
+
++ if (running_in_chroot() > 0) {
++ log_info("Running in chroot, ignoring request.");
++ return 0;
++ }
++
+ if (argc <= 1)
+ log_error("Option missing");
+
+diff --git a/src/udev/udevadm-monitor.c b/src/udev/udevadm-monitor.c
+index f7737d0..f1b3e25 100644
+--- a/src/udev/udevadm-monitor.c
++++ b/src/udev/udevadm-monitor.c
+@@ -17,6 +17,7 @@
+ #include "signal-util.h"
+ #include "string-util.h"
+ #include "udevadm.h"
++#include "virt.h"
+
+ static bool arg_show_property = false;
+ static bool arg_print_kernel = false;
+@@ -210,6 +211,11 @@ int monitor_main(int argc, char *argv[], void *userdata) {
+ if (r <= 0)
+ goto finalize;
+
++ if (running_in_chroot() > 0) {
++ log_info("Running in chroot, ignoring request.");
++ return 0;
++ }
++
+ /* Callers are expecting to see events as they happen: Line buffering */
+ setlinebuf(stdout);
+
+diff --git a/src/udev/udevadm-settle.c b/src/udev/udevadm-settle.c
+index 4ae237d..9b05e9a 100644
+--- a/src/udev/udevadm-settle.c
++++ b/src/udev/udevadm-settle.c
+@@ -18,6 +18,7 @@
+ #include "udevadm.h"
+ #include "udev-ctrl.h"
+ #include "util.h"
++#include "virt.h"
+
+ static usec_t arg_timeout = 120 * USEC_PER_SEC;
+ static const char *arg_exists = NULL;
+@@ -88,6 +89,11 @@ int settle_main(int argc, char *argv[], void *userdata) {
+ if (r <= 0)
+ return r;
+
++ if (running_in_chroot() > 0) {
++ log_info("Running in chroot, ignoring request.");
++ return 0;
++ }
++
+ deadline = now(CLOCK_MONOTONIC) + arg_timeout;
+
+ /* guarantee that the udev daemon isn't pre-processing */
+diff --git a/src/udev/udevadm-trigger.c b/src/udev/udevadm-trigger.c
+index f13a08f..aa9ebd5 100644
+--- a/src/udev/udevadm-trigger.c
++++ b/src/udev/udevadm-trigger.c
+@@ -15,6 +15,7 @@
+ #include "strv.h"
+ #include "udevadm.h"
+ #include "udevadm-util.h"
++#include "virt.h"
+
+ static bool arg_verbose = false;
+ static bool arg_dry_run = false;
+@@ -158,6 +159,11 @@ int trigger_main(int argc, char *argv[], void *userdata) {
+ bool settle = false;
+ int c, r;
+
++ if (running_in_chroot() > 0) {
++ log_info("Running in chroot, ignoring request.");
++ return 0;
++ }
++
+ r = sd_device_enumerator_new(&e);
+ if (r < 0)
+ return r;
diff --git a/debian/patches/udevd-drop-redundant-call-to-sd_event_get_exit_code.patch b/debian/patches/udevd-drop-redundant-call-to-sd_event_get_exit_code.patch
new file mode 100644
index 0000000000000000000000000000000000000000..bcf934d6d1758e5260ba32938dcc4adb39d0f7bc
--- /dev/null
+++ b/debian/patches/udevd-drop-redundant-call-to-sd_event_get_exit_code.patch
@@ -0,0 +1,54 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 8 Jan 2019 22:56:50 +0100
+Subject: udevd: drop redundant call to sd_event_get_exit_code
+
+sd_event_loop returns the same thing anyway.
+
+(cherry picked from commit 44dcf454b604628bf451194482c97ce981596ce5)
+(cherry picked from commit 1f6562d559bd11612b3f59b20fae4ed34d688dff)
+---
+ src/udev/udevd.c | 15 +++------------
+ 1 file changed, 3 insertions(+), 12 deletions(-)
+
+diff --git a/src/udev/udevd.c b/src/udev/udevd.c
+index ec77bd4..6938d81 100644
+--- a/src/udev/udevd.c
++++ b/src/udev/udevd.c
+@@ -464,7 +464,7 @@ static int worker_device_monitor_handler(sd_device_monitor *monitor, sd_device *
+ static int worker_main(Manager *_manager, sd_device_monitor *monitor, sd_device *first_device) {
+ _cleanup_(sd_device_unrefp) sd_device *dev = first_device;
+ _cleanup_(manager_freep) Manager *manager = _manager;
+- int r, ret;
++ int r;
+
+ assert(manager);
+ assert(monitor);
+@@ -507,11 +507,7 @@ static int worker_main(Manager *_manager, sd_device_monitor *monitor, sd_device
+ if (r < 0)
+ return log_error_errno(r, "Event loop failed: %m");
+
+- r = sd_event_get_exit_code(manager->event, &ret);
+- if (r < 0)
+- return log_error_errno(r, "Failed to get exit code: %m");
+-
+- return ret;
++ return 0;
+ }
+
+ static int worker_spawn(Manager *manager, struct event *event) {
+@@ -1737,14 +1733,9 @@ static int main_loop(int fd_ctrl, int fd_uevent, const char *cgroup) {
+ "STATUS=Processing with %u children at max", arg_children_max);
+
+ r = sd_event_loop(manager->event);
+- if (r < 0) {
++ if (r < 0)
+ log_error_errno(r, "Event loop failed: %m");
+- goto exit;
+- }
+-
+- sd_event_get_exit_code(manager->event, &r);
+
+-exit:
+ sd_notify(false,
+ "STOPPING=1\n"
+ "STATUS=Shutting down...");
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000000000000000000000000000000000000..09c133a6d30655374073d6e0185efc10b3c5f619
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,302 @@
+#! /usr/bin/make -f
+
+#export DH_VERBOSE = 1
+#export DEB_BUILD_OPTIONS = nostrip
+
+export LC_ALL = C.UTF-8
+
+include /usr/share/dpkg/default.mk
+
+ifeq ($(DEB_VENDOR),Ubuntu)
+ DEFAULT_NTP_SERVERS = ntp.ubuntu.com
+ SUPPORT_URL = http://www.ubuntu.com/support
+ CONFFLAGS_DISTRO = -Ddns-servers=''
+else
+ DEFAULT_NTP_SERVERS = 0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org
+ SUPPORT_URL = https://www.debian.org/support
+ CONFFLAGS_DISTRO =
+endif
+
+ifneq (, $(filter $(DEB_BUILD_ARCH), riscv64))
+ TEST_TIMEOUT_MULTIPLIER = "-t 10"
+endif
+
+# fail on missing files and symbols changes on distro builds, but not if we
+# build/test upstream master
+ifeq ($(TEST_UPSTREAM),)
+ DH_MISSING = --fail-missing
+ GENSYMBOLS_LEVEL = 4
+else
+ DH_MISSING = --list-missing
+ GENSYMBOLS_LEVEL = 1
+endif
+
+ifneq (, $(filter noudeb, $(DEB_BUILD_OPTIONS)))
+export DEB_BUILD_PROFILES += noudeb
+endif
+
+CONFFLAGS = \
+ -Db_lto=true \
+ -Db_pie=true \
+ -Drootlibdir=/lib/$(DEB_HOST_MULTIARCH) \
+ -Dsplit-usr=true \
+ -Dquotaon-path=/sbin/quotaon \
+ -Dquotacheck-path=/sbin/quotacheck \
+ -Dkmod-path=/bin/kmod \
+ -Dkexec-path=/sbin/kexec \
+ -Dsulogin-path=/sbin/sulogin \
+ -Dmount-path=/bin/mount \
+ -Dumount-path=/bin/umount \
+ -Dloadkeys-path=/bin/loadkeys \
+ -Dsetfont-path=/bin/setfont \
+ -Dtelinit-path=/lib/sysvinit/telinit \
+ -Dsysvinit-path=/etc/init.d \
+ -Dsysvrcnd-path=/etc \
+ -Ddebug-shell=/bin/bash \
+ -Dzshcompletiondir=/usr/share/zsh/vendor-completions \
+ -Ddbuspolicydir=/usr/share/dbus-1/system.d/ \
+ -Dsupport-url=$(SUPPORT_URL) \
+ -Ddefault-kill-user-processes=false \
+ -Dpamconfdir=no \
+ -Drpmmacrosdir=no \
+ -Dqrencode=false \
+ -Dvconsole=false \
+ -Dfirstboot=false \
+ -Dxkbcommon=false \
+ -Dportabled=false \
+ -Dwheel-group=false \
+ -Dntp-servers="$(DEFAULT_NTP_SERVERS)" \
+ -Dlink-udev-shared=false \
+ -Dsystem-uid-max=999 \
+ -Dsystem-gid-max=999 \
+ -Dnobody-user=nobody \
+ -Dnobody-group=nogroup \
+ -Dbump-proc-sys-fs-nr-open=false \
+ -Ddev-kvm-mode=0660
+
+# resolved's DNSSEC support is still not mature enough, don't enable it by
+# default on stable Debian or any Ubuntu releases
+CONFFLAGS += $(shell grep -qE 'stretch|ubuntu' /etc/os-release && echo -Ddefault-dnssec=no)
+
+CONFFLAGS_deb = \
+ -Dselinux=true \
+ -Dhwdb=true \
+ -Dsysusers=true \
+ -Dinstall-tests=true \
+ -Defi=true \
+ -Dnss-myhostname=true \
+ -Dnss-mymachines=true \
+ -Dnss-resolve=true \
+ -Dnss-systemd=true \
+ -Dresolve=true \
+ -Dlink-systemctl-shared=false
+
+ifeq (, $(filter stage1, $(DEB_BUILD_PROFILES)))
+CONFFLAGS_deb += \
+ -Daudit=true \
+ -Dlibcryptsetup=true \
+ -Dcoredump=true \
+ -Delfutils=true \
+ -Dapparmor=true \
+ -Dlibidn=true \
+ -Dlibiptc=true \
+ -Dlibcurl=true \
+ -Dimportd=true \
+ -Dmicrohttpd=true \
+ -Dgnutls=true
+else
+CONFFLAGS_deb += \
+ -Daudit=false \
+ -Dlibcryptsetup=false \
+ -Dcoredump=false \
+ -Delfutils=false \
+ -Dapparmor=false \
+ -Dlibidn=false \
+ -Dlibiptc=false \
+ -Dlibcurl=false \
+ -Dimportd=false \
+ -Dmicrohttpd=false \
+ -Dgnutls=false
+endif
+
+CONFFLAGS_udeb = \
+ -Dlibcryptsetup=false \
+ -Dcoredump=false \
+ -Delfutils=false \
+ -Dpam=false \
+ -Daudit=false \
+ -Dselinux=false\
+ -Dapparmor=false \
+ -Dlibidn=false \
+ -Dlibiptc=false \
+ -Dsmack=false \
+ -Dima=false \
+ -Dbinfmt=false \
+ -Dquotacheck=false \
+ -Dtmpfiles=false \
+ -Drandomseed=false \
+ -Dbacklight=false \
+ -Dlogind=false \
+ -Dmachined=false \
+ -Dlibcurl=false \
+ -Dimportd=false \
+ -Dmicrohttpd=false \
+ -Dgnutls=false \
+ -Dhostnamed=false \
+ -Dtimedated=false \
+ -Dnetworkd=false \
+ -Dtimesyncd=false \
+ -Dlocaled=false \
+ -Dnss-myhostname=false \
+ -Dnss-mymachines=false \
+ -Dnss-resolve=false \
+ -Dnss-systemd=false \
+ -Dresolve=false \
+ -Dpolkit=false \
+ -Dacl=false \
+ -Dgcrypt=false \
+ -Drfkill=false \
+ -Dhwdb=false \
+ -Dman=false \
+ -Defi=false \
+ -Dseccomp=false \
+ -Dsysusers=false
+
+override_dh_auto_configure:
+ dh_auto_configure --builddirectory=build-deb \
+ -- $(CONFFLAGS) $(CONFFLAGS_DISTRO) $(CONFFLAGS_deb)
+ifeq (, $(filter noudeb, $(DEB_BUILD_PROFILES)))
+ dh_auto_configure --builddirectory=build-udeb \
+ -- $(CONFFLAGS) $(CONFFLAGS_DISTRO) $(CONFFLAGS_udeb)
+endif
+
+override_dh_auto_build:
+ dh_auto_build --builddirectory=build-deb
+ifeq (, $(filter noudeb, $(DEB_BUILD_PROFILES)))
+ dh_auto_build --builddirectory=build-udeb
+endif
+ # generate POT file for translators
+ ninja -C build-deb/ systemd-pot
+
+override_dh_auto_install:
+ dh_auto_install --builddirectory=build-deb \
+ --destdir=debian/install/deb
+ifeq (, $(filter noudeb, $(DEB_BUILD_PROFILES)))
+ dh_auto_install --builddirectory=build-udeb \
+ --destdir=debian/install/udeb
+endif
+ # fix paths in manpages; manually check the remaining /usr occurrences
+ # occasionally, with filtering out paths which are known to be in /usr:
+ # grep -r /usr debian/install/deb/usr/share/man/|egrep -v '/usr/local|os.*release|factory|zoneinfo|tmpfiles|kernel|foo|machines|sysctl|dbus|include|binfmt'
+ find debian/install/deb/usr/share/man/ -type f | xargs sed -ri 's_/usr(/lib/systemd/system|/lib/systemd/network|/lib/udev|/lib[^/]|/lib/[^a-z])_\1_g'
+
+override_dh_auto_clean:
+ifneq (, $(TEST_UPSTREAM))
+ debian/extra/checkout-upstream
+endif
+ dh_auto_clean --builddirectory=build-deb
+ifeq (, $(filter noudeb, $(DEB_BUILD_PROFILES)))
+ dh_auto_clean --builddirectory=build-udeb
+endif
+ rm -rf debian/install/ debian/shlibs.local
+ # remove Python byte code files
+ rm -rf tools/__pycache__/
+ rm -f po/systemd.pot
+
+override_dh_install:
+ # remove unnecessary / unused files
+ rm -f debian/install/*/usr/share/doc/systemd/LICENSE.*
+ rm -f debian/install/*/var/log/README
+ rm -f debian/install/*/etc/init.d/README
+ rm -f debian/install/*/usr/lib/sysctl.d/50-default.conf
+ rm -f debian/install/*/etc/X11/xinit/xinitrc.d/50-systemd-user.sh
+ rmdir -p --ignore-fail-on-non-empty debian/install/*/etc/X11/xinit/xinitrc.d/
+ rm -f debian/install/*/lib/systemd/system/halt-local.service
+ # remove files related to factory-reset feature
+ find debian/install/ \( -name 'systemd-update-done*' -o \
+ -name systemd-journal-catalog-update.service -o \
+ -name systemd-udev-hwdb-update.service -o \
+ -name ldconfig.service -o \
+ -name etc.conf \) -delete
+ rm -rf debian/install/*/usr/share/factory/
+ # remove symlinks enabling default-on services
+ rm -rf debian/install/*/etc/systemd/system/*.target.wants/
+ # remove aliases
+ find debian/install/*/etc/systemd/system/ -type l -delete
+ # replace upstream sysusers.d/basic.conf with proper users for Debian
+ debian/extra/make-sysusers-basic > debian/install/deb/usr/lib/sysusers.d/basic.conf
+ # remove resolvconf compat symlink
+ rm -f debian/install/*/sbin/resolvconf
+ifeq (, $(filter noudeb, $(DEB_BUILD_PROFILES)))
+ dh_install -pudev-udeb -plibudev1-udeb --sourcedir=debian/install/udeb
+endif
+
+ dh_install --remaining-packages --sourcedir=debian/install/deb
+
+ # we don't want /tmp to be a tmpfs by default
+ mv debian/systemd/lib/systemd/system/tmp.mount debian/systemd/usr/share/systemd/
+ printf '\n[Install]\nWantedBy=local-fs.target\n' >> debian/systemd/usr/share/systemd/tmp.mount
+ rm debian/systemd/lib/systemd/system/local-fs.target.wants/tmp.mount
+
+ # files shipped by cryptsetup
+ifeq (, $(filter stage1, $(DEB_BUILD_PROFILES)))
+ rm debian/systemd/usr/share/man/man5/crypttab.5
+endif
+
+ # files shipped by systemd
+ rm debian/udev/lib/udev/rules.d/70-uaccess.rules
+ rm debian/udev/lib/udev/rules.d/73-seat-late.rules
+ rm debian/udev/lib/udev/rules.d/71-seat.rules
+ rm debian/udev/lib/udev/rules.d/99-systemd.rules
+
+ # remove duplicate files shipped by systemd-*/udev
+ echo "Removing duplicate files in systemd package:"
+ set -e; for pkg in $(shell dh_listpackages -Nudev-udeb -Nlibudev1-udeb -Nsystemd); do \
+ echo "... from $$pkg..."; \
+ (cd debian/$$pkg; find -type f -o -type l) | (cd debian/systemd; xargs rm -f --verbose); \
+ (cd debian/$$pkg; find -mindepth 1 -type d) | (cd debian/systemd; xargs rmdir --ignore-fail-on-non-empty --verbose || true); \
+ done
+
+ # Ubuntu specific files
+ifeq ($(DEB_VENDOR),Ubuntu)
+ install -D --mode=644 debian/extra/udev.py debian/udev/usr/share/apport/package-hooks/udev.py
+ install -D --mode=644 debian/extra/systemd.py debian/systemd/usr/share/apport/package-hooks/systemd.py
+ install --mode=644 debian/extra/rules-ubuntu/*.rules debian/udev/lib/udev/rules.d/
+ cp -a debian/extra/units-ubuntu/* debian/systemd/lib/systemd/system/
+ install --mode=755 debian/extra/set-cpufreq debian/systemd/lib/systemd/
+endif
+
+override_dh_missing:
+ dh_missing --sourcedir debian/install/deb $(DH_MISSING)
+
+override_dh_installinit:
+ dh_installinit --no-start
+
+PROJECT_VERSION ?= $(shell awk '/(PROJECT|PACKAGE)_VERSION/ {print $$3}' build-deb/config.h | tr -d \")
+
+# The SysV compat tools (which are symlinks to systemctl) are
+# quasi-essential, so add their dependencies to Pre-Depends
+# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753589
+override_dh_shlibdeps:
+ dh_shlibdeps -psystemd -- -dPre-Depends \
+ -edebian/systemd/bin/systemctl \
+ -dDepends
+ dh_shlibdeps --remaining-packages -Lsystemd
+
+override_dh_makeshlibs:
+ sed 's/SHARED_LIB_VERSION/$(PROJECT_VERSION)/' debian/shlibs.local.in > debian/shlibs.local
+ dh_makeshlibs -plibudev1 --add-udeb=libudev1-udeb -- -c$(GENSYMBOLS_LEVEL)
+ dh_makeshlibs -psystemd -Xlibsystemd-shared -- -c$(GENSYMBOLS_LEVEL)
+ dh_makeshlibs --remaining-packages -- -c$(GENSYMBOLS_LEVEL)
+
+override_dh_auto_test:
+ifeq (, $(filter nocheck, $(DEB_BUILD_OPTIONS)))
+ echo "01234567890123456789012345678901" > build-deb/machine-id
+ # some tests hang under fakeroot, so disable fakeroot
+ env -u LD_PRELOAD SYSTEMD_MACHINE_ID_PATH=$(CURDIR)/build-deb/machine-id meson test -C build-deb $(TEST_TIMEOUT_MULTIPLIER) || ( \
+ cat build-deb/meson-logs/testlog.txt; \
+ exit 1)
+endif
+
+%:
+ dh $@ --without autoreconf,systemd --buildsystem=meson
diff --git a/debian/shlibs.local.in b/debian/shlibs.local.in
new file mode 100644
index 0000000000000000000000000000000000000000..432b7268bb349d0f2c9c5664a93514a96eddb445
--- /dev/null
+++ b/debian/shlibs.local.in
@@ -0,0 +1,3 @@
+udeb: libudev 1 libudev1-udeb
+libsystemd 0 libsystemd0 (= ${binary:Version})
+libsystemd-shared SHARED_LIB_VERSION systemd (= ${binary:Version})
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000000000000000000000000000000000000..163aaf8d82b6c54f23c45f32895dbdfdcc27b047
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/systemd-container.install b/debian/systemd-container.install
new file mode 100644
index 0000000000000000000000000000000000000000..4d805b38f2442e1913e744dd2564fc9c7e5fdf8f
--- /dev/null
+++ b/debian/systemd-container.install
@@ -0,0 +1,30 @@
+bin/machinectl
+lib/systemd/import-pubring.gpg
+lib/systemd/systemd-machined
+lib/systemd/systemd-export
+lib/systemd/systemd-import*
+lib/systemd/systemd-pull
+lib/systemd/system/systemd-nspawn@.service
+lib/systemd/system/systemd-importd.service
+lib/systemd/system/systemd-machined.service
+lib/systemd/system/var-lib-machines.mount
+lib/systemd/system/machines.target
+lib/systemd/system/*.target.wants/var-lib-machines.mount
+lib/systemd/system/dbus-org.freedesktop.import1.service
+lib/systemd/system/dbus-org.freedesktop.machine1.service
+usr/bin/systemd-nspawn
+usr/lib/tmpfiles.d/systemd-nspawn.conf
+usr/share/dbus-1/system.d/org.freedesktop.import1.conf
+usr/share/dbus-1/system.d/org.freedesktop.machine1.conf
+usr/share/dbus-1/system-services/org.freedesktop.import1.service
+usr/share/dbus-1/system-services/org.freedesktop.machine1.service
+usr/share/man/man*/*nspawn*
+usr/share/man/man*/machinectl*
+usr/share/man/man*/systemd-machined*
+usr/share/polkit-1/actions/org.freedesktop.import1.policy
+usr/share/polkit-1/actions/org.freedesktop.machine1.policy
+usr/share/zsh/vendor-completions/_systemd-nspawn
+usr/share/zsh/vendor-completions/_sd_machines
+usr/share/zsh/vendor-completions/_machinectl
+usr/share/bash-completion/completions/machinectl
+usr/share/bash-completion/completions/systemd-nspawn
diff --git a/debian/systemd-container.maintscript b/debian/systemd-container.maintscript
new file mode 100644
index 0000000000000000000000000000000000000000..470978c0590bb98ab1ffd01d40b46eea6e449702
--- /dev/null
+++ b/debian/systemd-container.maintscript
@@ -0,0 +1,2 @@
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.import1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.machine1.conf 233-3~
diff --git a/debian/systemd-container.postinst b/debian/systemd-container.postinst
new file mode 100644
index 0000000000000000000000000000000000000000..a65319bf1b0d01685453b2465907eaa31009420d
--- /dev/null
+++ b/debian/systemd-container.postinst
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+# Enable machines.target by default on new installs and upgrades
+if dpkg --compare-versions "$2" lt "232-4~"; then
+ systemctl enable machines.target || true
+fi
+
+#DEBHELPER#
diff --git a/debian/systemd-container.postrm b/debian/systemd-container.postrm
new file mode 100644
index 0000000000000000000000000000000000000000..2140680fab886493415de958042b5ca4cd739a9f
--- /dev/null
+++ b/debian/systemd-container.postrm
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+ purge)
+ # clean up after manually enabled units in postinst
+ rm -f /etc/systemd/system/multi-user.target.wants/machines.target
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/systemd-coredump.install b/debian/systemd-coredump.install
new file mode 100644
index 0000000000000000000000000000000000000000..3efcecba8d28788c618f27f2dbd6f67fa40ce8e1
--- /dev/null
+++ b/debian/systemd-coredump.install
@@ -0,0 +1,11 @@
+usr/bin/coredumpctl
+lib/systemd/systemd-coredump
+lib/systemd/system/systemd-coredump*
+lib/systemd/system/*/systemd-coredump*
+usr/share/man/man1/coredumpctl*
+usr/share/man/man5/coredump.conf*
+usr/share/man/man8/systemd-coredump*
+usr/share/bash-completion/completions/coredumpctl
+usr/share/zsh/vendor-completions/_coredumpctl
+usr/lib/sysctl.d/50-coredump.conf
+etc/systemd/coredump.conf
diff --git a/debian/systemd-coredump.postinst b/debian/systemd-coredump.postinst
new file mode 100644
index 0000000000000000000000000000000000000000..49e755e07d4c5fb88203ffcd5f0b1f196ba56b37
--- /dev/null
+++ b/debian/systemd-coredump.postinst
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -e
+
+if [ "$1" = configure ]; then
+ adduser --quiet --system --group --no-create-home --home /run/systemd \
+ --gecos "systemd core dump processing" systemd-coredump
+
+ # enable systemd-coredump right after package installation
+ if [ -d /run/systemd/system ]; then
+ systemctl daemon-reload && systemctl start systemd-coredump.socket || true
+ fi
+ /lib/systemd/systemd-sysctl /usr/lib/sysctl.d/50-coredump.conf || true
+fi
+
+#DEBHELPER#
diff --git a/debian/systemd-coredump.prerm b/debian/systemd-coredump.prerm
new file mode 100644
index 0000000000000000000000000000000000000000..89cf954eb963361954ead29bec18ba5c017c7278
--- /dev/null
+++ b/debian/systemd-coredump.prerm
@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+
+if [ "$1" = remove ]; then
+ # disable systemd-coredump on removal
+ if [ -w /proc/sys/kernel/core_pattern ] && grep -q '^|.*systemd-coredump' /proc/sys/kernel/core_pattern; then
+ echo core > /proc/sys/kernel/core_pattern
+ fi
+ if [ -d /run/systemd/system ]; then
+ systemctl stop systemd-coredump.socket || true
+ fi
+fi
+
+#DEBHELPER#
diff --git a/debian/systemd-journal-remote.install b/debian/systemd-journal-remote.install
new file mode 100644
index 0000000000000000000000000000000000000000..188628b45b298b4d91ef559f55e9ffe42d5afa7c
--- /dev/null
+++ b/debian/systemd-journal-remote.install
@@ -0,0 +1,29 @@
+# systemd-journal-upload
+etc/systemd/journal-upload.conf
+lib/systemd/systemd-journal-upload
+lib/systemd/system/systemd-journal-upload.service
+usr/share/man/man5/journal-upload.conf.d.5
+usr/share/man/man5/journal-upload.conf.5
+usr/share/man/man8/systemd-journal-upload.8
+usr/share/man/man8/systemd-journal-upload.service.8
+
+# systemd-journal-remote
+etc/systemd/journal-remote.conf
+lib/systemd/systemd-journal-remote
+lib/systemd/system/systemd-journal-remote.service
+lib/systemd/system/systemd-journal-remote.socket
+usr/lib/sysusers.d/systemd-remote.conf
+usr/share/man/man5/journal-remote.conf.d.5
+usr/share/man/man5/journal-remote.conf.5
+usr/share/man/man8/systemd-journal-remote.service.8
+usr/share/man/man8/systemd-journal-remote.socket.8
+usr/share/man/man8/systemd-journal-remote.8
+
+# systemd-journal-gatewayd
+lib/systemd/systemd-journal-gatewayd
+lib/systemd/system/systemd-journal-gatewayd.service
+lib/systemd/system/systemd-journal-gatewayd.socket
+usr/share/systemd/gatewayd/
+usr/share/man/man8/systemd-journal-gatewayd.service.8
+usr/share/man/man8/systemd-journal-gatewayd.socket.8
+usr/share/man/man8/systemd-journal-gatewayd.8
diff --git a/debian/systemd-journal-remote.postinst b/debian/systemd-journal-remote.postinst
new file mode 100644
index 0000000000000000000000000000000000000000..8ef91ada9515433617665334db94712c11fd5cee
--- /dev/null
+++ b/debian/systemd-journal-remote.postinst
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+adduser --quiet --system \
+ --home /run/systemd --no-create-home \
+ --gecos "systemd Journal Remote" \
+ --group systemd-journal-remote
+
+#DEBHELPER#
diff --git a/debian/systemd-sysv.install b/debian/systemd-sysv.install
new file mode 100644
index 0000000000000000000000000000000000000000..9c104a9df12bf54d79d678c5b00d368876296374
--- /dev/null
+++ b/debian/systemd-sysv.install
@@ -0,0 +1,14 @@
+usr/share/man/man1/init.1
+usr/share/man/man8/telinit.8
+usr/share/man/man8/runlevel.8
+usr/share/man/man8/shutdown.8
+usr/share/man/man8/poweroff.8
+usr/share/man/man8/reboot.8
+usr/share/man/man8/halt.8
+sbin/init
+sbin/telinit
+sbin/runlevel
+sbin/shutdown
+sbin/poweroff
+sbin/reboot
+sbin/halt
diff --git a/debian/systemd-sysv.postinst b/debian/systemd-sysv.postinst
new file mode 100644
index 0000000000000000000000000000000000000000..e2fd036ec013ec0730f15368ce26ec2d41193750
--- /dev/null
+++ b/debian/systemd-sysv.postinst
@@ -0,0 +1,10 @@
+#!/bin/sh
+set -e
+
+# update grub on first install, so that the alternative init system boot
+# entries get updated
+if [ "$1" = configure ] && [ -z "$2" ] && [ -e /boot/grub/grub.cfg ] && which update-grub >/dev/null 2>&1; then
+ update-grub || true
+fi
+
+#DEBHELPER#
diff --git a/debian/systemd-tests.install b/debian/systemd-tests.install
new file mode 100644
index 0000000000000000000000000000000000000000..28b745c26ed11c29509fe5baf66742894303649f
--- /dev/null
+++ b/debian/systemd-tests.install
@@ -0,0 +1 @@
+usr/lib/systemd/tests
diff --git a/debian/systemd-tests.lintian-overrides b/debian/systemd-tests.lintian-overrides
new file mode 100644
index 0000000000000000000000000000000000000000..9784f462ac994a931b125854c12316b41377b674
--- /dev/null
+++ b/debian/systemd-tests.lintian-overrides
@@ -0,0 +1,2 @@
+# test programs only, need to link against internal library
+systemd-tests: binary-or-shlib-defines-rpath usr/lib/systemd/tests/*
diff --git a/debian/systemd.NEWS b/debian/systemd.NEWS
new file mode 100644
index 0000000000000000000000000000000000000000..3f90a348a4b72dd052eae7a6962d65a40fae1754
--- /dev/null
+++ b/debian/systemd.NEWS
@@ -0,0 +1,28 @@
+systemd (236-1) unstable; urgency=medium
+
+ DynamicUser=yes has been enabled for systemd-journal-upload.service and
+ systemd-journal-gatewayd.service.
+ This means we no longer need to statically allocate a systemd-journal-upload
+ and systemd-journal-gateway user and you can now safely remove those system
+ users along with their associated groups.
+
+ -- Michael Biebl <biebl@debian.org> Sun, 17 Dec 2017 21:17:32 +0100
+
+systemd (231-1) unstable; urgency=low
+
+ This version drops support for running /etc/rcS.d SysV init scripts.
+ These are prone to cause dependency loops, and almost all Debian packages
+ with rcS scripts now ship a native systemd service. If you have custom or
+ third-party rcS scripts you need to convert them or change them to run
+ in rc2.d/ - rc5.d/; see this page for details:
+ <https://wiki.debian.org/Teams/pkg-systemd/rcSMigration>.
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 14 Jul 2016 12:54:34 +0200
+
+systemd (224-2) unstable; urgency=medium
+
+ This version splits out systemd-nspawn, systemd-machined, and machinectl
+ into the new "systemd-container" package. That now also enables
+ systemd-importd.
+
+ -- Martin Pitt <mpitt@debian.org> Sat, 22 Aug 2015 15:58:43 +0200
diff --git a/debian/systemd.bug-control b/debian/systemd.bug-control
new file mode 100644
index 0000000000000000000000000000000000000000..03c8d6b58f0b1d2a91c812ed71940ff0545d6d51
--- /dev/null
+++ b/debian/systemd.bug-control
@@ -0,0 +1 @@
+package-status: udev dracut initramfs-tools
diff --git a/debian/systemd.bug-script b/debian/systemd.bug-script
new file mode 100644
index 0000000000000000000000000000000000000000..b1099e7c188c472204ecb68660943df515b2736c
--- /dev/null
+++ b/debian/systemd.bug-script
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+cat <<EOF
+
+Providing additional information can help diagnose problems with systemd.
+Specifically, this would include:
+- fstab configuration (copy of /etc/fstab).
+- local modifications of unit files (output of systemd-delta).
+- state of running services and units (output of systemd-analyze dump).
+- enabled/disabled state of installed services.
+If this information is not relevant for your bug report or you have privacy
+concerns, please choose no.
+
+EOF
+
+yesno "Do you want to provide additional information [Y|n]? " yep
+[ "$REPLY" = yep ] || exit 0
+
+# We don’t clean up this directory because there is no way to know when
+# reportbug finished running, and reportbug needs the files around.
+# Given that those are just a couple of kilobytes in size and people
+# generally don’t file a lot of bugs, I don’t think it’s a big deal.
+DIR=$(mktemp -d)
+
+echo "-- BEGIN ATTACHMENTS --" >&3
+
+# remove highlighting escape codes from systemd-delta output
+systemd-delta --no-pager 2>&1 |sed "s%\x1b[^m]*m%%g" >$DIR/systemd-delta.txt
+echo "$DIR/systemd-delta.txt" >&3
+
+if [ -d /run/systemd/system ]; then
+ systemd-analyze --no-pager dump >$DIR/systemd-analyze-dump.txt 2>&1
+ echo "$DIR/systemd-analyze-dump.txt" >&3
+fi
+
+if [ -d /var/lib/systemd/deb-systemd-helper-enabled ]; then
+ head -n100 $(find /var/lib/systemd/deb-systemd-helper-enabled -type f | tr '\n' ' ') >$DIR/dsh-enabled.txt
+ echo "$DIR/dsh-enabled.txt" >&3
+fi
+
+echo "/etc/fstab" >&3
+
+echo "-- END ATTACHMENTS --" >&3
diff --git a/debian/systemd.dirs b/debian/systemd.dirs
new file mode 100644
index 0000000000000000000000000000000000000000..fac35d6c7a29887a7446fd3e3131bb339dc461f1
--- /dev/null
+++ b/debian/systemd.dirs
@@ -0,0 +1 @@
+var/lib/systemd
diff --git a/debian/systemd.install b/debian/systemd.install
new file mode 100644
index 0000000000000000000000000000000000000000..f0fa42cb199536d69106a79472999f434801b790
--- /dev/null
+++ b/debian/systemd.install
@@ -0,0 +1,72 @@
+etc/
+bin/systemctl
+bin/journalctl
+bin/loginctl
+bin/machinectl
+bin/networkctl
+bin/systemd-notify
+bin/systemd-tty-ask-password-agent
+bin/systemd-ask-password
+bin/systemd-machine-id-setup
+bin/systemd-tmpfiles
+bin/systemd-inhibit
+bin/systemd-escape
+bin/systemd-sysusers
+lib/modprobe.d/
+lib/systemd/
+lib/udev/rules.d/70-uaccess.rules
+lib/udev/rules.d/73-seat-late.rules
+lib/udev/rules.d/71-seat.rules
+lib/udev/rules.d/99-systemd.rules
+usr/bin/systemd-cgls
+usr/bin/systemd-cgtop
+usr/bin/systemd-nspawn
+usr/bin/systemd-stdio-bridge
+usr/bin/systemd-analyze
+usr/bin/systemd-cat
+usr/bin/systemd-detect-virt
+usr/bin/systemd-delta
+usr/bin/systemd-run
+usr/bin/systemd-path
+usr/bin/systemd-socket-activate
+usr/bin/systemd-mount
+usr/bin/systemd-umount
+usr/bin/systemd-id128
+usr/bin/kernel-install
+usr/bin/bootctl
+usr/bin/busctl
+usr/bin/timedatectl
+usr/bin/localectl
+usr/bin/hostnamectl
+usr/bin/resolvectl
+usr/bin/systemd-resolve
+usr/share/man/man1/
+usr/share/man/man5/
+usr/share/man/man7/
+usr/share/man/man8/
+usr/share/bash-completion/
+usr/share/zsh/vendor-completions/
+usr/share/dbus-1/
+usr/share/doc/
+usr/share/pkgconfig/systemd.pc
+usr/share/polkit-1/
+usr/share/systemd/kbd-model-map
+usr/share/systemd/language-fallback-map
+usr/lib/binfmt.d/
+usr/lib/environment.d/
+usr/lib/modules-load.d/
+usr/lib/sysctl.d/
+usr/lib/sysusers.d/basic.conf
+usr/lib/sysusers.d/systemd.conf
+usr/lib/systemd/
+usr/lib/tmpfiles.d/
+usr/lib/kernel
+usr/share/locale/
+var/lib
+../../extra/init-functions.d lib/lsb/
+../../extra/tmpfiles.d/*.conf usr/lib/tmpfiles.d/
+../../extra/systemd-sysv-install lib/systemd/
+../../extra/units/* lib/systemd/system/
+../../extra/dhclient-exit-hooks.d/ etc/dhcp/
+../../extra/kernel-install.d/* usr/lib/kernel/install.d
+../../extra/pam.d etc/
diff --git a/debian/systemd.links b/debian/systemd.links
new file mode 100644
index 0000000000000000000000000000000000000000..11b6fe0cd1a4e9dc4605aec1bd6d36056bda9336
--- /dev/null
+++ b/debian/systemd.links
@@ -0,0 +1,83 @@
+# These are all services which have native implementations
+# So we mask them by linking against /dev/null or create an alias
+/lib/systemd/system/systemd-random-seed.service /lib/systemd/system/urandom.service
+/lib/systemd/system/systemd-sysctl.service /lib/systemd/system/procps.service
+
+/lib/systemd/system/rc-local.service /lib/systemd/system/rc.local.service
+
+/lib/systemd/system/systemd-modules-load.service /lib/systemd/system/module-init-tools.service
+/lib/systemd/system/systemd-modules-load.service /lib/systemd/system/kmod.service
+/etc/modules /etc/modules-load.d/modules.conf
+
+# X server and ICE socket directories are created by /usr/lib/tmpfiles.d/x11.conf
+/dev/null /lib/systemd/system/x11-common.service
+
+# systemd sets the hostname internally during early boot
+/dev/null /lib/systemd/system/hostname.service
+
+# /run/nologin is handled by systemd-user-sessions.service
+/dev/null /lib/systemd/system/rmnologin.service
+/dev/null /lib/systemd/system/bootmisc.service
+
+# Although bootlogd is disabled by default (via /etc/default/bootlogd)
+# by masking them we avoid spawning a shell uselessly thrice during boot.
+# Besides, bootlogd doesn't look particularly useful in a systemd world.
+/dev/null /lib/systemd/system/bootlogd.service
+/dev/null /lib/systemd/system/stop-bootlogd-single.service
+/dev/null /lib/systemd/system/stop-bootlogd.service
+
+# systemd sets the hwclock internally
+# http://cgit.freedesktop.org/systemd/systemd/commit/?id=7948c4dfbea73ac21250b588089039aa17a90386
+/dev/null /lib/systemd/system/hwclock.service
+
+# We use native mount support so mask those services
+# TODO: check if any SysV init scripts depend on those facilities
+/dev/null /lib/systemd/system/mountkernfs.service
+/dev/null /lib/systemd/system/mountdevsubfs.service
+/dev/null /lib/systemd/system/mountall.service
+/dev/null /lib/systemd/system/mountall-bootclean.service
+/dev/null /lib/systemd/system/mountnfs.service
+/dev/null /lib/systemd/system/mountnfs-bootclean.service
+/dev/null /lib/systemd/system/umountfs.service
+/dev/null /lib/systemd/system/umountnfs.service
+/dev/null /lib/systemd/system/umountroot.service
+/dev/null /lib/systemd/system/checkfs.service
+/dev/null /lib/systemd/system/checkroot.service
+/dev/null /lib/systemd/system/checkroot-bootclean.service
+
+# We use the built-in cryptsetup support
+/dev/null /lib/systemd/system/cryptdisks.service
+/dev/null /lib/systemd/system/cryptdisks-early.service
+
+# Single user mode is implemented natively, don't use legacy SysV init scripts
+# to avoid spawning sulogin twice.
+/dev/null /lib/systemd/system/single.service
+/dev/null /lib/systemd/system/killprocs.service
+
+# Those services are useless under systemd. Mask them so they can't
+# be run manually by accident.
+/dev/null /lib/systemd/system/sendsigs.service
+/dev/null /lib/systemd/system/halt.service
+/dev/null /lib/systemd/system/reboot.service
+/dev/null /lib/systemd/system/rc.service
+/dev/null /lib/systemd/system/rcS.service
+
+# The motd SysV init script is no longer required to create the dynamic part of
+# /etc/motd to display the uname information as pam_exec is used for that now.
+# An explicit Breaks against older versions of login, which still use
+# /run/motd.dynamic, is not necessary, as pam_motd will silently ignore it if
+# that file is missing and simply display nothing.
+# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735521
+/dev/null /lib/systemd/system/motd.service
+
+# We have the journal to handle kernel messages from early boot
+/dev/null /lib/systemd/system/bootlogs.service
+
+# Enable Debian specific units
+/lib/systemd/system/getty-static.service /lib/systemd/system/getty.target.wants/getty-static.service
+
+# Compat symlink
+/lib/systemd/systemd /bin/systemd
+
+# Create a compat symlink as systemd-sysctl no longer reads /etc/sysctl.conf
+/etc/sysctl.conf /etc/sysctl.d/99-sysctl.conf
diff --git a/debian/systemd.lintian-overrides b/debian/systemd.lintian-overrides
new file mode 100644
index 0000000000000000000000000000000000000000..f47d5b78d6e78d90f393b04ae7f69b10833de210
--- /dev/null
+++ b/debian/systemd.lintian-overrides
@@ -0,0 +1,2 @@
+systemd: maintainer-script-calls-systemctl
+systemd: possibly-insecure-handling-of-tmp-files-in-maintainer-script
diff --git a/debian/systemd.maintscript b/debian/systemd.maintscript
new file mode 100644
index 0000000000000000000000000000000000000000..ab7bca2ab018b317e081de2dfef1982b3ed24234
--- /dev/null
+++ b/debian/systemd.maintscript
@@ -0,0 +1,11 @@
+rm_conffile /etc/X11/xinit/xinitrc.d/50-systemd-user.sh 228-3~
+rm_conffile /etc/systemd/bootchart.conf 230-1~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.hostname1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.locale1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.login1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.machine1.conf 228-5~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.network1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.resolve1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.systemd1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.timedate1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.systemd-shim.conf 239-15~ systemd-shim
diff --git a/debian/systemd.postinst b/debian/systemd.postinst
new file mode 100644
index 0000000000000000000000000000000000000000..15d4fd5ea0814483cb22b4c5cc60e2f24e1c6bd9
--- /dev/null
+++ b/debian/systemd.postinst
@@ -0,0 +1,173 @@
+#! /bin/sh
+
+set -e
+
+_systemctl() {
+ if [ -d /run/systemd/system ]; then
+ systemctl "$@"
+ fi
+}
+
+_update_catalog() {
+ journalctl --update-catalog || true
+}
+
+# Update Message Catalogs database and reload in response to dpkg triggers
+if [ "$1" = "triggered" ]; then
+ shift
+ for trigger in "$@"; do
+ case $trigger in
+ /usr/lib/systemd/catalog)
+ _update_catalog
+ ;;
+ /etc/init.d)
+ _systemctl daemon-reload || true
+ ;;
+ esac
+ done
+ exit 0
+fi
+
+# Enable getty and remote-fs.target by default on new installs
+if [ -z "$2" ]; then
+ systemctl enable getty@tty1.service || true
+ systemctl enable remote-fs.target || true
+fi
+
+# Enable timesyncd by default on new installs installs and upgrades
+if dpkg --compare-versions "$2" lt "218-11~"; then
+ systemctl enable systemd-timesyncd.service || true
+fi
+
+# Enable ondemand by default on new installs installs and upgrades
+if [ -e /lib/systemd/system/ondemand.service ] && dpkg --compare-versions "$2" lt "231-7~"; then
+ systemctl enable ondemand.service || true
+fi
+
+# Do a one-time migration of the local time setting
+if [ -z "$2" ]; then
+ if [ -f /etc/default/rcS ]; then
+ . /etc/default/rcS
+ fi
+ if [ "$UTC" = "no" ] && [ ! -e /etc/adjtime ]; then
+ printf "0.0 0 0.0\n0\nLOCAL\n" > /etc/adjtime
+ fi
+fi
+
+# Do a one-time migration of the TMPTIME setting
+if [ -z "$2" ]; then
+ if [ -f /etc/default/rcS ]; then
+ . /etc/default/rcS
+ fi
+ if [ ! -e /etc/tmpfiles.d/tmp.conf ]; then
+ case "$TMPTIME" in
+ -*|infinite|infinity)
+ cat > /etc/tmpfiles.d/tmp.conf <<EOF
+# Avoid clearing /tmp by shipping an empty /etc/tmpfiles.d/tmp.conf file
+# which overrides /usr/lib/tmpfiles.d/tmp.conf.
+# This file was automatically created because of local modifications in
+# /etc/default/rcS where TMPTIME was set to infinite.
+EOF
+ ;;
+ esac
+ fi
+fi
+
+# Do a one-time migration of the RAMTMP setting
+if [ -z "$2" ]; then
+ if [ -f /etc/default/rcS ]; then
+ . /etc/default/rcS
+ fi
+ if [ -f /etc/default/tmpfs ]; then
+ . /etc/default/tmpfs
+ fi
+ if [ "$RAMTMP" = "yes" ]; then
+ # systemctl enable will work even when systemd is not the active PID 1.
+ if [ ! -e /etc/systemd/system/tmp.mount ]; then
+ cp /usr/share/systemd/tmp.mount /etc/systemd/system/tmp.mount
+ systemctl enable tmp.mount || true
+ fi
+ fi
+fi
+
+# Create /etc/machine-id
+systemd-machine-id-setup
+
+# Setup system users and groups
+addgroup --quiet --system systemd-journal
+
+# We need to stop running services before we call adduser
+RESTART=""
+if dpkg --compare-versions "$2" lt-nl "239-6"; then
+ for s in systemd-networkd systemd-timesyncd systemd-resolved ; do
+ if _systemctl -q is-active $s; then
+ _systemctl stop $s
+ RESTART="$s $RESTART"
+ fi
+ done
+fi
+
+adduser --quiet --system --group --no-create-home --home /run/systemd \
+ --gecos "systemd Time Synchronization" systemd-timesync
+adduser --quiet --system --group --no-create-home --home /run/systemd \
+ --gecos "systemd Network Management" systemd-network
+adduser --quiet --system --group --no-create-home --home /run/systemd \
+ --gecos "systemd Resolver" systemd-resolve
+
+# Remove old state directory of systemd-timesyncd
+if dpkg --compare-versions "$2" lt-nl "240-3~"; then
+ if [ -L /var/lib/systemd/timesync ] ; then
+ rm /var/lib/systemd/timesync
+ rm -rf /var/lib/private/systemd/timesync
+ fi
+fi
+
+# Initial update of the Message Catalogs database
+_update_catalog
+
+if [ -n "$2" ]; then
+ _systemctl daemon-reexec || true
+ # don't restart logind; this can be done again once this gets implemented:
+ # https://github.com/systemd/systemd/issues/1163
+ _systemctl try-restart systemd-networkd.service || true
+ _systemctl try-restart systemd-resolved.service || true
+ _systemctl try-restart systemd-timesyncd.service || true
+ _systemctl try-restart systemd-journald.service || true
+fi
+
+# Restart services which we stopped earlier
+# This needs to run after daemon-rexec
+if dpkg --compare-versions "$2" lt-nl "239-6"; then
+ for s in $RESTART ; do
+ _systemctl start $s
+ done
+fi
+
+# Cleanup hwclock-save.service, which was shipped in jessie.
+if dpkg --compare-versions "$2" lt-nl "228-5~"; then
+ for t in reboot halt poweroff ; do
+ rm -f /etc/systemd/system/${t}.target.wants/hwclock-save.service
+ rmdir --ignore-fail-on-non-empty /etc/systemd/system/${t}.target.wants 2> /dev/null || true
+ done
+fi
+
+if dpkg --compare-versions "$2" lt-nl "235-3~"; then
+ # systemd-bus-proxyd got dropped before stretch, and never created any file
+ deluser --system systemd-bus-proxy || true
+fi
+
+if dpkg --compare-versions "$2" lt-nl "236-1~"; then
+ # Clean up old /var/lib/systemd/clock on upgrade.
+ # The clock file used by systemd-timesyncd is now stored in
+ # StateDirectory=systemd/timesync.
+ rm -f /var/lib/systemd/clock
+fi
+
+if dpkg --compare-versions "$2" lt-nl "239-12~"; then
+ # clean up bogus "nobody" group from #912525; ensure that it's a system group
+ if getent group nobody >/dev/null; then
+ delgroup --system nobody || true
+ fi
+fi
+
+#DEBHELPER#
diff --git a/debian/systemd.postrm b/debian/systemd.postrm
new file mode 100644
index 0000000000000000000000000000000000000000..94d77b4de105c4366f6e0eec2299de079b25ba88
--- /dev/null
+++ b/debian/systemd.postrm
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+ purge)
+ # clean up after manually enabled units in postinst
+ rm -f /etc/systemd/system/getty.target.wants/getty@tty1.service
+ rm -f /etc/systemd/system/multi-user.target.wants/remote-fs.target
+ rm -f /etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service
+ rm -f /etc/systemd/system/dbus-org.freedesktop.timesync1.service
+ rmdir --ignore-fail-on-non-empty /etc/systemd/system/getty.target.wants 2> /dev/null || true
+ rmdir --ignore-fail-on-non-empty /etc/systemd/system/multi-user.target.wants 2> /dev/null || true
+ rmdir --ignore-fail-on-non-empty /etc/systemd/system/sysinit.target.wants 2> /dev/null || true
+
+ rm -f /var/lib/systemd/catalog/database
+ rmdir --ignore-fail-on-non-empty /var/lib/systemd/catalog 2> /dev/null || true
+
+ rm -rf /var/lib/systemd/backlight/
+ rm -rf /var/lib/systemd/rfkill/
+
+ rm -f /var/lib/systemd/clock
+ rm -f /var/lib/systemd/random-seed
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/systemd.prerm b/debian/systemd.prerm
new file mode 100644
index 0000000000000000000000000000000000000000..aedbf58e4d1b5d50befd3319a802e3d5bef6a239
--- /dev/null
+++ b/debian/systemd.prerm
@@ -0,0 +1,15 @@
+#! /bin/sh
+
+set -e
+
+#
+# Prevent systemd from being removed if it's the active init. That
+# will not work.
+#
+
+if [ "$1" = "remove" ] && [ -d /run/systemd/system ]; then
+ echo "systemd is the active init system, please switch to another before removing systemd."
+ exit 1
+fi
+
+#DEBHELPER#
diff --git a/debian/systemd.triggers b/debian/systemd.triggers
new file mode 100644
index 0000000000000000000000000000000000000000..299a3f90483b6265eaf4044936837afac5a923f9
--- /dev/null
+++ b/debian/systemd.triggers
@@ -0,0 +1,2 @@
+interest-noawait /usr/lib/systemd/catalog
+interest-noawait /etc/init.d
diff --git a/debian/tests/assert.sh b/debian/tests/assert.sh
new file mode 100644
index 0000000000000000000000000000000000000000..eccc3382801f7c87864e06d62b60611e7adbe833
--- /dev/null
+++ b/debian/tests/assert.sh
@@ -0,0 +1,25 @@
+# utility functions for shell tests
+
+assert_true() {
+ if ! $1; then
+ echo "FAIL: command '$1' failed with exit code $?" >&2
+ exit 1
+ fi
+}
+
+
+assert_eq() {
+ if [ "$1" != "$2" ]; then
+ echo "FAIL: expected: '$2' actual: '$1'" >&2
+ exit 1
+ fi
+}
+
+assert_in() {
+ if ! echo "$2" | grep -q "$1"; then
+ echo "FAIL: '$1' not found in:" >&2
+ echo "$2" >&2
+ exit 1
+ fi
+}
+
diff --git a/debian/tests/boot-and-services b/debian/tests/boot-and-services
new file mode 100755
index 0000000000000000000000000000000000000000..7508966864d22a41f8d0e4fcebc41de8b5931861
--- /dev/null
+++ b/debian/tests/boot-and-services
@@ -0,0 +1,539 @@
+#!/usr/bin/python3
+# autopkgtest check: Boot with systemd and check critical desktop services
+# (C) 2014 Canonical Ltd.
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+
+import sys
+import os
+import unittest
+import subprocess
+import tempfile
+import shutil
+import time
+import re
+from glob import glob
+
+
+def wait_unit_stop(unit, timeout=10):
+ '''Wait until given unit is not running any more
+
+ Raise RuntimeError on timeout.
+ '''
+ for i in range(timeout):
+ if subprocess.call(['systemctl', 'is-active', '--quiet', unit]) != 0:
+ return
+ time.sleep(1)
+
+ raise RuntimeError('Timed out waiting for %s to stop' % unit)
+
+
+class ServicesTest(unittest.TestCase):
+ '''Check that expected services are running'''
+
+ def test_0_init(self):
+ '''Verify that init is systemd'''
+
+ self.assertIn('systemd', os.readlink('/proc/1/exe'))
+
+ def test_no_failed(self):
+ '''No failed units'''
+
+ out = subprocess.check_output(['systemctl', '--state=failed', '--no-legend'],
+ universal_newlines=True)
+ failed = out.splitlines()
+ # ignore /etc/modules failure as stuff that we put there by default
+ # often fails
+ failed = [f for f in failed if 'systemd-modules-load' not in f]
+ # apparmor fails if not enabled in the kernel
+ if not os.path.exists('/sys/kernel/security/apparmor'):
+ failed = [f for f in failed if 'apparmor.service' not in f]
+ # ignore thermald as it doesn't start in most virtual envs
+ failed = [f for f in failed if 'thermald' not in f]
+ # console-setup.service fails on devices without keyboard (LP: #1516591)
+ failed = [f for f in failed if 'console-setup' not in f]
+ # cpi.service fails on s390x
+ failed = [f for f in failed if 'cpi.service' not in f]
+ if failed:
+ for f in failed:
+ f = f.split()[0]
+ print('-------- journal for failed service %s -----------' % f)
+ sys.stdout.flush()
+ subprocess.call(['journalctl', '-b', '-u', f])
+ self.assertEqual(failed, [])
+
+ @unittest.skipUnless(shutil.which('gdm3') is not None, 'gdm3 not found')
+ def test_gdm3(self):
+ subprocess.check_call(['pgrep', '-af', 'gdm-.*-session'])
+ self.active_unit('gdm')
+
+ def test_dbus(self):
+ out = subprocess.check_output(
+ ['dbus-send', '--print-reply', '--system',
+ '--dest=org.freedesktop.DBus', '/', 'org.freedesktop.DBus.GetId'])
+ self.assertIn(b'string "', out)
+ self.active_unit('dbus')
+
+ def test_network_manager(self):
+ # 0.9.10 changed the command name
+ _help = subprocess.check_output(['nmcli', '--help'],
+ stderr=subprocess.STDOUT)
+ if b' g[eneral]' in _help:
+ out = subprocess.check_output(['nmcli', 'general'])
+ else:
+ out = subprocess.check_output(['nmcli', 'nm'])
+ self.assertIn(b'enabled', out)
+ self.active_unit('network-manager')
+
+ def test_cron(self):
+ out = subprocess.check_output(['ps', 'u', '-C', 'cron'])
+ self.assertIn(b'root', out)
+ self.active_unit('cron')
+
+ def test_logind(self):
+ out = subprocess.check_output(['loginctl'])
+ self.assertNotEqual(b'', out)
+ self.active_unit('systemd-logind')
+
+ @unittest.skipIf('TEST_UPSTREAM' in os.environ,
+ 'Forwarding to rsyslog is a Debian patch')
+ def test_rsyslog(self):
+ out = subprocess.check_output(['ps', 'u', '-C', 'rsyslogd'])
+ self.assertIn(b'bin/rsyslogd', out)
+ self.active_unit('rsyslog')
+ with open('/var/log/syslog') as f:
+ log = f.read()
+ # has kernel messages
+ self.assertRegex(log, 'kernel:.*[cC]ommand line:')
+ # has init messages
+ self.assertRegex(log, 'systemd.*Reached target Graphical Interface')
+ # has other services
+ self.assertRegex(log, 'NetworkManager.*:')
+
+ def test_udev(self):
+ out = subprocess.check_output(['udevadm', 'info', '--export-db'])
+ self.assertIn(b'\nP: /devices/', out)
+ self.active_unit('systemd-udevd')
+
+ def test_tmp_mount(self):
+ # check if we want to mount /tmp in fstab
+ want_tmp_mount = False
+ with open('/etc/fstab') as f:
+ for l in f:
+ try:
+ if not l.startswith('#') and l.split()[1] in ('/tmp', '/tmp/'):
+ want_tmp_mount = True
+ break
+ except IndexError:
+ pass
+
+ # ensure that we actually do/don't have a /tmp mount
+ (status, status_out) = subprocess.getstatusoutput('systemctl status tmp.mount')
+ findmnt = subprocess.call(['findmnt', '-n', '/tmp'], stdout=subprocess.PIPE)
+ if want_tmp_mount:
+ self.assertEqual(status, 0, status_out)
+ self.assertEqual(findmnt, 0)
+ else:
+ # 4 is correct (since upstream commit ca473d57), accept 3 for systemd <= 230
+ self.assertIn(status, [3, 4], status_out)
+ self.assertNotEqual(findmnt, 0)
+
+ @unittest.skipIf('TEST_UPSTREAM' in os.environ,
+ 'Debian specific configuration, N/A for upstream')
+ def test_tmp_cleanup(self):
+ # systemd-tmpfiles-clean.timer only runs 15 mins after boot, shortcut
+ # it
+ self.assertEqual(subprocess.call(
+ ['systemctl', 'status', 'systemd-tmpfiles-clean.timer'],
+ stdout=subprocess.PIPE), 0)
+ subprocess.check_call(['systemctl', 'start', 'systemd-tmpfiles-clean'])
+ # all files in /tmp/ should get cleaned up on boot
+ self.assertFalse(os.path.exists('/tmp/oldfile.test'))
+ self.assertFalse(os.path.exists('/tmp/newfile.test'))
+ # files in /var/tmp/ older than 30d should get cleaned up
+ # XXX FIXME: /var/tmp/ cleanup was disabled in #675422
+ # self.assertFalse(os.path.exists('/var/tmp/oldfile.test'))
+ self.assertTrue(os.path.exists('/var/tmp/newfile.test'))
+
+ # next run should leave the recent ones
+ os.close(os.open('/tmp/newfile.test',
+ os.O_CREAT | os.O_EXCL | os.O_WRONLY))
+ subprocess.check_call(['systemctl', 'start', 'systemd-tmpfiles-clean'])
+ wait_unit_stop('systemd-tmpfiles-clean')
+ self.assertTrue(os.path.exists('/tmp/newfile.test'))
+
+ # Helper methods
+
+ def active_unit(self, unit):
+ '''Check that given unit is active'''
+
+ out = subprocess.check_output(['systemctl', 'status', unit])
+ self.assertIn(b'active (running)', out)
+
+
+class JournalTest(unittest.TestCase):
+ '''Check journal functionality'''
+
+ def test_no_options(self):
+ out = subprocess.check_output(['journalctl'])
+ # has kernel messages
+ self.assertRegex(out, b'kernel:.*[cC]ommand line:')
+ # has init messages
+ self.assertRegex(out, b'systemd.*Reached target Graphical Interface')
+ # has other services
+ self.assertRegex(out, b'NetworkManager.*:.*starting')
+
+ def test_log_for_service(self):
+ out = subprocess.check_output(
+ ['journalctl', '_SYSTEMD_UNIT=NetworkManager.service'])
+ self.assertRegex(out, b'NetworkManager.*:.*starting')
+ self.assertNotIn(b'kernel:', out)
+ self.assertNotIn(b'systemd:', out)
+
+
+class NspawnTest(unittest.TestCase):
+ '''Check nspawn'''
+
+ @classmethod
+ def setUpClass(kls):
+ '''Build a bootable busybox mini-container'''
+
+ kls.td_c_busybox = tempfile.TemporaryDirectory(prefix='c_busybox.')
+ kls.c_busybox = kls.td_c_busybox.name
+ for d in ['etc/init.d', 'bin', 'sbin']:
+ os.makedirs(os.path.join(kls.c_busybox, d))
+ shutil.copy('/bin/busybox', os.path.join(kls.c_busybox, 'bin'))
+ shutil.copy('/etc/os-release', os.path.join(kls.c_busybox, 'etc'))
+ os.symlink('busybox', os.path.join(kls.c_busybox, 'bin', 'sh'))
+ os.symlink('../bin/busybox', os.path.join(kls.c_busybox, 'sbin/init'))
+ with open(os.path.join(kls.c_busybox, 'etc/init.d/rcS'), 'w') as f:
+ f.write('''#!/bin/sh
+echo fake container started
+ps aux
+poweroff\n''')
+ os.fchmod(f.fileno(), 0o755)
+ subprocess.check_call(['systemd-machine-id-setup', '--root',
+ kls.c_busybox], stderr=subprocess.PIPE)
+
+ def setUp(self):
+ self.workdir = tempfile.TemporaryDirectory()
+
+ def test_boot(self):
+ cont = os.path.join(self.workdir.name, 'c1')
+ shutil.copytree(self.c_busybox, cont, symlinks=True)
+ os.sync()
+ nspawn = subprocess.Popen(['systemd-nspawn', '-D', cont, '-b'],
+ stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+ out = nspawn.communicate(timeout=60)[0]
+ self.assertIn(b'Spawning container c1', out)
+ self.assertIn(b'fake container started', out)
+ self.assertRegex(out, b'\n\s+1\s+0\s+init[\r\n]')
+ self.assertRegex(out, b'\n\s+2+\s+0\s.*rcS[\r\n]')
+ self.assertRegex(out, b'Container c1.*shut down')
+ self.assertEqual(nspawn.returncode, 0)
+
+ def test_service(self):
+ self.assertTrue(os.path.isdir('/var/lib/machines'))
+ cont = '/var/lib/machines/c1'
+ shutil.copytree(self.c_busybox, cont, symlinks=True)
+ self.addCleanup(shutil.rmtree, cont)
+ os.sync()
+ subprocess.check_call(['systemctl', 'start', 'systemd-nspawn@c1'])
+ wait_unit_stop('systemd-nspawn@c1')
+
+ subprocess.call(['journalctl', '--sync'])
+ systemctl = subprocess.Popen(
+ ['systemctl', 'status', '-overbose', '-l', 'systemd-nspawn@c1'],
+ stdout=subprocess.PIPE)
+ out = systemctl.communicate()[0].decode('UTF-8', 'replace')
+ self.assertEqual(systemctl.returncode, 3, out)
+ self.assertNotIn('failed', out)
+
+
+@unittest.skipUnless(os.path.exists('/sys/kernel/security/apparmor'),
+ 'AppArmor not enabled')
+class AppArmorTest(unittest.TestCase):
+ def test_profile(self):
+ '''AppArmor confined unit'''
+
+ # create AppArmor profile
+ aa_profile = tempfile.NamedTemporaryFile(prefix='aa_violator.')
+ aa_profile.write(b'''#include <tunables/global>
+
+profile "violator-test" {
+ #include <abstractions/base>
+
+ /{usr/,}bin/** rix,
+ /etc/machine-id r,
+}
+''')
+ aa_profile.flush()
+ subprocess.check_call(['apparmor_parser', '-r', '-v', aa_profile.name])
+
+ # create confined unit
+ with open('/run/systemd/system/violator.service', 'w') as f:
+ f.write('''[Unit]
+Description=AppArmor test
+
+[Service]
+ExecStart=/bin/sh -euc 'echo CP1; cat /etc/machine-id; echo CP2; if cat /etc/passwd; then exit 1; fi; echo CP3'
+AppArmorProfile=violator-test
+''')
+ self.addCleanup(os.unlink, '/run/systemd/system/violator.service')
+
+ # launch
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+ subprocess.check_call(['systemctl', 'start', 'violator.service'])
+ wait_unit_stop('violator.service')
+
+ # check status
+ st = subprocess.Popen(['systemctl', 'status', '-l',
+ 'violator.service'], stdout=subprocess.PIPE,
+ universal_newlines=True)
+ out = st.communicate()[0]
+ # unit should be stopped
+ self.assertEqual(st.returncode, 3)
+
+ self.assertIn('inactive', out)
+ self.assertIn('CP1', out)
+ self.assertIn('CP2', out)
+ self.assertIn('CP3', out)
+ with open('/etc/machine-id') as f:
+ self.assertIn(f.read().strip(), out)
+ self.assertNotIn('root:x', out, 'unit can read /etc/passwd')
+
+
+@unittest.skipIf(os.path.exists('/sys/fs/cgroup/cgroup.controllers'),
+ 'test needs to be reworked on unified cgroup hierarchy')
+class CgroupsTest(unittest.TestCase):
+ '''Check cgroup setup'''
+
+ @classmethod
+ def setUpClass(kls):
+ kls.controllers = []
+ for controller in glob('/sys/fs/cgroup/*'):
+ if not os.path.islink(controller):
+ kls.controllers.append(controller)
+
+ def setUp(self):
+ self.service = 'testsrv.service'
+ self.service_file = '/run/systemd/system/' + self.service
+
+ def tearDown(self):
+ subprocess.call(['systemctl', 'stop', self.service],
+ stderr=subprocess.PIPE)
+ try:
+ os.unlink(self.service_file)
+ except OSError:
+ pass
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+
+ def create_service(self, extra_service=''):
+ '''Create test service unit'''
+
+ with open(self.service_file, 'w') as f:
+ f.write('''[Unit]
+Description=test service
+[Service]
+ExecStart=/bin/sleep 500
+%s
+''' % extra_service)
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+
+ def assertNoControllers(self):
+ '''Assert that no cgroup controllers exist for test service'''
+
+ cs = glob('/sys/fs/cgroup/*/system.slice/%s' % self.service)
+ self.assertEqual(cs, [])
+
+ def assertController(self, name):
+ '''Assert that cgroup controller exists for test service'''
+
+ c = '/sys/fs/cgroup/%s/system.slice/%s' % (name, self.service)
+ self.assertTrue(os.path.isdir(c))
+
+ def assertNoController(self, name):
+ '''Assert that cgroup controller does not exist for test service'''
+
+ c = '/sys/fs/cgroup/%s/system.slice/%s' % (name, self.service)
+ self.assertFalse(os.path.isdir(c))
+
+ def test_simple(self):
+ '''simple service'''
+
+ self.create_service()
+ self.assertNoControllers()
+ subprocess.check_call(['systemctl', 'start', self.service])
+ self.assertController('systemd')
+ subprocess.check_call(['systemctl', 'stop', self.service])
+ self.assertNoControllers()
+
+ def test_cpushares(self):
+ '''service with CPUShares'''
+
+ self.create_service('CPUShares=1000')
+ self.assertNoControllers()
+ subprocess.check_call(['systemctl', 'start', self.service])
+ self.assertController('systemd')
+ self.assertController('cpu,cpuacct')
+ subprocess.check_call(['systemctl', 'stop', self.service])
+ self.assertNoControllers()
+
+
+class SeccompTest(unittest.TestCase):
+ '''Check seccomp syscall filtering'''
+
+ def test_failing(self):
+ with open('/run/systemd/system/scfail.service', 'w') as f:
+ f.write('''[Unit]
+Description=seccomp test
+[Service]
+ExecStart=/bin/cat /etc/machine-id
+SystemCallFilter=access
+''')
+ self.addCleanup(os.unlink, '/run/systemd/system/scfail.service')
+
+ # launch
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+ subprocess.check_call(['systemctl', 'start', 'scfail.service'])
+ wait_unit_stop('scfail.service')
+
+ # check status
+ st = subprocess.Popen(['systemctl', 'status', '-l',
+ 'scfail.service'], stdout=subprocess.PIPE)
+ out = st.communicate()[0]
+ # unit should be stopped
+ self.assertEqual(st.returncode, 3)
+
+ subprocess.check_call(['systemctl', 'reset-failed', 'scfail.service'])
+
+ self.assertIn(b'failed', out)
+ self.assertIn(b'code=killed, signal=SYS', out)
+ with open('/etc/machine-id') as f:
+ self.assertNotIn(f.read().strip().encode('ASCII'), out)
+
+
+class CoredumpTest(unittest.TestCase):
+ '''Check systemd-coredump'''
+
+ def test_bash_crash(self):
+ subprocess.call("ulimit -c unlimited; bash -c 'kill -SEGV $$'", shell=True,
+ cwd='/tmp', stderr=subprocess.DEVNULL)
+
+ # with systemd-coredump installed we should get the core dumps in
+ # systemd's dir
+ for timeout in range(50):
+ cores = glob('/var/lib/systemd/coredump/core.bash.*')
+ if cores:
+ break
+ time.sleep(1)
+ self.assertNotEqual(cores, [])
+ self.assertEqual(glob('/tmp/core*'), [])
+
+ # we should also get a message and stack trace in journal
+ for timeout in range(10):
+ subprocess.call(['journalctl', '--sync'])
+ journal = subprocess.check_output(['journalctl', '-t', 'systemd-coredump'])
+ if re.search(b'Process.*bash.*dumped core', journal) and \
+ re.search(b'#[0-9] .*bash', journal):
+ break
+ time.sleep(1)
+ self.assertRegex(journal, b'Process.*bash.*dumped core')
+ self.assertIn(b'Stack trace', journal)
+ self.assertRegex(journal, b'#[0-9] .*bash')
+
+
+class CLITest(unittest.TestCase):
+ def setUp(self):
+ self.programs = []
+ for line in subprocess.check_output(['dpkg', '-L', 'systemd', 'systemd-container', 'systemd-coredump', 'udev'],
+ universal_newlines=True).splitlines():
+ if '/bin/' in line:
+ self.programs.append(line.strip())
+
+ def test_help(self):
+ '--help works and succeeds'''
+
+ for program in self.programs:
+ p = subprocess.Popen([program, '--help'], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True)
+ (out, err) = p.communicate()
+ try:
+ self.assertEqual(err, '')
+ self.assertEqual(p.returncode, 0)
+ self.assertIn(os.path.basename(program), out)
+ self.assertTrue('--help' in out or 'Usage' in out, out)
+ except AssertionError:
+ print('Failed program: %s' % program)
+ raise
+
+ def test_version(self):
+ '--version works and succeeds'''
+
+ version = subprocess.check_output(['pkg-config', '--modversion', 'systemd'],
+ universal_newlines=True).strip()
+
+ for program in self.programs:
+ # known to not respond to --version
+ if os.path.basename(program) in ['kernel-install', 'systemd-ask-password', 'systemd-stdio-bridge']:
+ continue
+ p = subprocess.Popen([program, '--version'], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True)
+ (out, err) = p.communicate()
+ try:
+ self.assertEqual(err, '')
+ self.assertEqual(p.returncode, 0)
+ self.assertIn(version, out)
+ except AssertionError:
+ print('Failed program: %s' % program)
+ raise
+
+ def test_invalid_option(self):
+ '''Calling with invalid option fails'''
+
+ for program in self.programs:
+ p = subprocess.Popen([program, '--invalid-option'], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True)
+ (out, err) = p.communicate()
+ try:
+ # kernel-install is an unique snowflake
+ if not program.endswith('/kernel-install'):
+ self.assertIn('--invalid-option', err)
+ self.assertNotEqual(p.returncode, 0)
+ except AssertionError:
+ print('Failed program: %s' % program)
+ raise
+
+
+def pre_boot_setup():
+ '''Test setup before rebooting testbed'''
+
+ # create a few temporary files to ensure that they get cleaned up on boot
+ os.close(os.open('/tmp/newfile.test',
+ os.O_CREAT | os.O_EXCL | os.O_WRONLY))
+ os.close(os.open('/var/tmp/newfile.test',
+ os.O_CREAT | os.O_EXCL | os.O_WRONLY))
+ # we can't use utime() here, as systemd looks for ctime
+ cur_time = time.clock_gettime(time.CLOCK_REALTIME)
+ time.clock_settime(time.CLOCK_REALTIME, cur_time - 2 * 30 * 86400)
+ try:
+ os.close(os.open('/tmp/oldfile.test',
+ os.O_CREAT | os.O_EXCL | os.O_WRONLY))
+ os.close(os.open('/var/tmp/oldfile.test',
+ os.O_CREAT | os.O_EXCL | os.O_WRONLY))
+ finally:
+ time.clock_settime(time.CLOCK_REALTIME, cur_time)
+
+ # allow X to start even on headless machines
+ os.makedirs('/etc/X11/xorg.conf.d/', exist_ok=True)
+ with open('/etc/X11/xorg.conf.d/dummy.conf', 'w') as f:
+ f.write('''Section "Device"
+ Identifier "test"
+ Driver "dummy"
+EndSection''')
+
+
+if __name__ == '__main__':
+ if not os.getenv('ADT_REBOOT_MARK'):
+ pre_boot_setup()
+ print('Rebooting...')
+ subprocess.check_call(['/tmp/autopkgtest-reboot', 'boot1'])
+
+ unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout,
+ verbosity=2))
diff --git a/debian/tests/boot-smoke b/debian/tests/boot-smoke
new file mode 100755
index 0000000000000000000000000000000000000000..ca1fd375383d9719ed3fd3d40adf4ce5826fdbd3
--- /dev/null
+++ b/debian/tests/boot-smoke
@@ -0,0 +1,66 @@
+#!/bin/sh
+# test 20 successful reboots in a row
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+# For bisecting/testing you can replace individual binaries in /lib/systemd
+# with --copy /host/path/systemd-foo:/tmp/systemd-replace/systemd-foo
+set -e
+
+. `dirname $0`/assert.sh
+
+if [ -z "$ADT_REBOOT_MARK" ]; then
+ # enable persistent journal
+ mkdir -p /var/log/journal
+ # allow X to start even on headless machines
+ mkdir -p /etc/X11/xorg.conf.d/
+ cat << EOF > /etc/X11/xorg.conf.d/dummy.conf
+Section "Device"
+ Identifier "test"
+ Driver "dummy"
+EndSection
+EOF
+
+
+ ADT_REBOOT_MARK=0
+ if [ -d /tmp/systemd-replace/ ]; then
+ for f in /tmp/systemd-replace/*; do
+ echo "Installing $f..."
+ rm -f /lib/systemd/$(basename $f)
+ cp $f /lib/systemd/
+ done
+ fi
+else
+ echo "checking for failed unmounts for user systemd"
+ JOURNAL=$(journalctl)
+ if echo "$JOURNAL" | grep -E "systemd\[([2-9]|[1-9][0-9]+)\].*Failed unmounting"; then
+ exit 1
+ fi
+ echo "checking for connection timeouts"
+ if echo "$JOURNAL" | grep "Connection timed out"; then
+ exit 1
+ fi
+
+ echo "checking that polkitd runs"
+ pidof polkitd
+
+ echo "checking that there are no running jobs"
+ TIMEOUT=10
+ while [ $TIMEOUT -ge 0 ]; do
+ running="$(systemctl --no-pager --no-legend list-jobs || true)"
+ [ -n "$running" ] || break
+ TIMEOUT=$((TIMEOUT - 1))
+ done
+ if [ -n "$running" ]; then
+ echo "running jobs after remaining timeout $TIMEOUT: $running"
+ journalctl --sync
+ journalctl -ab > $ADT_ARTIFACTS/journal.txt
+ udevadm info --export-db > $ADT_ARTIFACTS/udevdb.txt
+ exit 1
+ fi
+fi
+
+if [ "$ADT_REBOOT_MARK" -ge 5 ]; then
+ exit 0
+fi
+
+echo "reboot #$ADT_REBOOT_MARK"
+/tmp/autopkgtest-reboot $(($ADT_REBOOT_MARK + 1))
diff --git a/debian/tests/build-login b/debian/tests/build-login
new file mode 100755
index 0000000000000000000000000000000000000000..def83b181b79ed90589466c76fe58307f7d4c897
--- /dev/null
+++ b/debian/tests/build-login
@@ -0,0 +1,38 @@
+#!/bin/sh
+# autopkgtest check: Test build against libsystemd-login-dev
+# (C) 2014 Canonical Ltd.
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+
+set -e
+
+WORKDIR=$(mktemp -d)
+trap "rm -rf $WORKDIR" 0 INT QUIT ABRT PIPE TERM
+cd $WORKDIR
+cat <<EOF > loginmonitor.c
+#include <assert.h>
+#include <stdio.h>
+#include <systemd/sd-login.h>
+
+int main(int argc, char **argv)
+{
+ sd_login_monitor* mon = NULL;
+ int res;
+
+ res = sd_login_monitor_new(NULL, &mon);
+ if (res < 0) {
+ fprintf(stderr, "sd_login_monitor_new failed with value %i\n", res);
+ return 1;
+ }
+
+ assert(sd_login_monitor_get_fd(mon) > 0);
+ sd_login_monitor_unref(mon);
+
+ return 0;
+}
+EOF
+
+gcc -Wall -Werror -o loginmonitor loginmonitor.c `pkg-config --cflags --libs libsystemd`
+echo "build: OK"
+[ -x loginmonitor ]
+./loginmonitor
+echo "run: OK"
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000000000000000000000000000000000000..24e75f614df156b08d26c7d1372274d0da2c5312
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,190 @@
+Tests: timedated, hostnamed, localed-locale, localed-x11-keymap
+Depends: systemd,
+ libpam-systemd,
+ libnss-systemd,
+ acl,
+ locales,
+Restrictions: needs-root, isolation-container
+
+Tests: logind
+Depends: systemd,
+ libpam-systemd,
+ libnss-systemd,
+ acl,
+ locales,
+ evemu-tools,
+Restrictions: needs-root, isolation-container
+
+Tests: unit-config
+Depends: systemd,
+ libpam-systemd,
+ libnss-systemd,
+ acl,
+ locales,
+ evemu-tools,
+ python3,
+ pkg-config,
+Restrictions: needs-root, allow-stderr
+
+Tests: storage
+Depends: systemd,
+ libpam-systemd,
+ libnss-systemd,
+ acl,
+ locales,
+ evemu-tools,
+ python3,
+ pkg-config,
+ cryptsetup-bin,
+Restrictions: needs-root, isolation-machine
+
+Tests: networkd-test.py
+Tests-Directory: test
+Depends: systemd,
+ libpam-systemd,
+ libnss-systemd,
+ acl,
+ locales,
+ evemu-tools,
+ python3,
+ pkg-config,
+ cryptsetup-bin,
+ systemd-sysv,
+ policykit-1,
+ dnsmasq-base
+Restrictions: needs-root, isolation-container
+
+Tests: build-login
+Depends: systemd,
+ libpam-systemd,
+ libnss-systemd,
+ acl,
+ locales,
+ evemu-tools,
+ python3,
+ pkg-config,
+ cryptsetup-bin,
+ systemd-sysv,
+ policykit-1,
+ dnsmasq-base,
+ build-essential,
+ libsystemd-dev,
+Restrictions: isolation-container
+
+Tests: boot-and-services
+Depends: systemd-sysv,
+ systemd-container,
+ systemd-coredump,
+ libpam-systemd,
+ xserver-xorg-video-dummy,
+ xserver-xorg,
+ gdm3 [!s390x],
+ cron,
+ network-manager,
+ busybox-static,
+ apparmor,
+ pkg-config,
+ python3
+Restrictions: needs-root, isolation-machine, breaks-testbed
+
+Tests: udev
+Depends: systemd-tests,
+ python3,
+ tree,
+ perl,
+ xz-utils,
+Restrictions: needs-root, allow-stderr, isolation-machine
+
+Tests: root-unittests
+Depends: systemd-tests,
+ libpam-systemd,
+ tree,
+ perl,
+ xz-utils,
+ libcap2-bin,
+ iproute2,
+ liblz4-tool,
+ acl,
+ iputils-ping,
+ dbus-user-session,
+Restrictions: needs-root, allow-stderr, isolation-container
+
+Tests: upstream
+Depends: libsystemd-dev,
+ tree,
+ perl,
+ xz-utils,
+ libcap2-bin,
+ iproute2,
+ liblz4-tool,
+ acl,
+ kbd,
+ cryptsetup-bin,
+ net-tools,
+ isc-dhcp-client,
+ iputils-ping,
+ strace,
+ qemu-system-x86 [amd64 i386],
+ qemu-system-arm [arm64 armhf],
+ qemu-system-s390x [s390x],
+ less,
+ pkg-config,
+ gcc,
+ libc6-dev | libc-dev,
+ make,
+ quota,
+ systemd-journal-remote,
+ systemd-container,
+ systemd-coredump,
+ fdisk | util-linux (<< 2.29.2-3~),
+ netcat-openbsd,
+ busybox-static,
+ plymouth,
+ e2fsprogs,
+Restrictions: needs-root, allow-stderr, isolation-machine
+
+Tests: boot-smoke
+Depends: libsystemd-dev,
+ tree,
+ perl,
+ xz-utils,
+ libcap2-bin,
+ iproute2,
+ liblz4-tool,
+ acl,
+ kbd,
+ cryptsetup-bin,
+ net-tools,
+ isc-dhcp-client,
+ iputils-ping,
+ strace,
+ qemu-system-x86 [amd64 i386],
+ qemu-system-arm [arm64 armhf],
+ qemu-system-s390x [s390x],
+ less,
+ pkg-config,
+ gcc,
+ libc6-dev | libc-dev,
+ make,
+ quota,
+ systemd-journal-remote,
+ systemd-container,
+ systemd-coredump,
+ systemd-sysv,
+ fdisk | util-linux (<< 2.29.2-3~),
+ netcat-openbsd,
+ busybox-static,
+ plymouth,
+ network-manager,
+ policykit-1,
+ gdm3 [!s390x],
+ xserver-xorg-video-dummy,
+Restrictions: needs-root, isolation-container, allow-stderr, breaks-testbed
+
+# NOUPSTREAM: Do not run these tests for upstream builds
+
+Tests: systemd-fsckd
+Depends: systemd-sysv,
+ python3,
+ plymouth
+Restrictions: needs-root, isolation-machine, breaks-testbed
diff --git a/debian/tests/fsck b/debian/tests/fsck
new file mode 100755
index 0000000000000000000000000000000000000000..77b50d7234a761ffdfc7ffbecc7d06925ce80e4f
--- /dev/null
+++ b/debian/tests/fsck
@@ -0,0 +1,27 @@
+#!/bin/bash
+fd=0
+
+OPTIND=1
+while getopts "C:aTlM" opt; do
+ case "$opt" in
+ C)
+ fd=$OPTARG
+ ;;
+ \?);;
+ esac
+done
+
+shift "$((OPTIND-1))"
+device=$1
+
+echo "Running fake fsck on $device"
+
+declare -a maxpass=(30 5 2 30 60)
+
+for pass in {1..5}; do
+ maxprogress=${maxpass[$((pass-1))]}
+ for (( current=0; current<=${maxprogress}; current++)); do
+ echo "$pass $current $maxprogress $device">&$fd
+ sleep 0.1
+ done
+done
diff --git a/debian/tests/hostnamed b/debian/tests/hostnamed
new file mode 100755
index 0000000000000000000000000000000000000000..1b22869141261fe0a2cc20a5d74cd460d26a8d81
--- /dev/null
+++ b/debian/tests/hostnamed
@@ -0,0 +1,22 @@
+#!/bin/sh
+set -e
+
+. `dirname $0`/assert.sh
+
+ORIG_HOST=`cat /etc/hostname`
+echo "original hostname: $ORIG_HOST"
+
+# should activate daemon and work
+STATUS="`hostnamectl`"
+assert_in "Static hostname: $ORIG_HOST" "$STATUS"
+assert_in "Kernel:.* `uname -r`" "$STATUS"
+
+# change hostname
+assert_eq "`hostnamectl set-hostname testhost 2>&1`" ""
+assert_eq "`cat /etc/hostname`" "testhost"
+assert_in "Static hostname: testhost" "`hostnamectl`"
+
+# reset to original
+assert_eq "`hostnamectl set-hostname $ORIG_HOST 2>&1`" ""
+assert_eq "`cat /etc/hostname`" "$ORIG_HOST"
+assert_in "Static hostname: $ORIG_HOST" "`hostnamectl`"
diff --git a/debian/tests/lidswitch.evemu b/debian/tests/lidswitch.evemu
new file mode 100644
index 0000000000000000000000000000000000000000..de1d590417ac592d67eb176a4ebcb51dbf5f4a8a
--- /dev/null
+++ b/debian/tests/lidswitch.evemu
@@ -0,0 +1,34 @@
+# EVEMU 1.2
+# Input device name: "Lid Switch"
+# Input device ID: bus 0x19 vendor 0000 product 0x05 version 0000
+# Supported events:
+# Event type 0 (EV_SYN)
+# Event code 0 (SYN_REPORT)
+# Event code 5 (FF_STATUS_MAX)
+# Event type 5 (EV_SW)
+# Event code 0 (SW_LID)
+# Properties:
+N: Fake Lid Switch
+I: 0019 0000 0005 0000
+P: 00 00 00 00 00 00 00 00
+B: 00 21 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 02 00 00 00 00 00 00 00 00
+B: 03 00 00 00 00 00 00 00 00
+B: 04 00 00 00 00 00 00 00 00
+B: 05 01 00 00 00 00 00 00 00
+B: 11 00 00 00 00 00 00 00 00
+B: 12 00 00 00 00 00 00 00 00
+B: 15 00 00 00 00 00 00 00 00
+B: 15 00 00 00 00 00 00 00 00
diff --git a/debian/tests/localed-locale b/debian/tests/localed-locale
new file mode 100755
index 0000000000000000000000000000000000000000..468258d139071ea243f3dc354bf8666108341e70
--- /dev/null
+++ b/debian/tests/localed-locale
@@ -0,0 +1,42 @@
+#!/bin/sh
+set -e
+
+. `dirname $0`/assert.sh
+
+if [ -n "$TEST_UPSTREAM" ]; then
+ LOCALE_CONF=/etc/locale.conf
+else
+ LOCALE_CONF=/etc/default/locale
+fi
+
+if ! ORIG_LOC=`grep -v '^#' $LOCALE_CONF 2>/dev/null`; then
+ # set up for a minimal unconfigured system
+ if [ -e /etc/locale.gen ]; then
+ echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
+ fi
+ locale-gen en_US.UTF-8
+ ORIG_LOC='LANG="en_US.UTF-8"'
+ echo "$ORIG_LOC" > $LOCALE_CONF
+fi
+
+if ! [ -e /etc/default/keyboard ]; then
+ /bin/echo -e 'XKBMODEL=us\nXKBLAYOUT=pc105' > /etc/default/keyboard
+fi
+
+# should activate daemon and work
+assert_in "System Locale:" "`localectl --no-pager`"
+
+# change locale
+assert_eq "`localectl --no-pager set-locale LANG=C LC_CTYPE=en_US.UTF-8 2>&1`" ""
+sync
+assert_eq "`cat $LOCALE_CONF`" "LANG=C
+LC_CTYPE=en_US.UTF-8"
+
+! [ -f /etc/locale.conf ]
+
+STATUS=`localectl`
+assert_in "System Locale: LANG=C" "$STATUS"
+assert_in "LC_CTYPE=en_US.UTF-8" "$STATUS"
+
+# reset locale to original
+echo "$ORIG_LOC" > $LOCALE_CONF
diff --git a/debian/tests/localed-x11-keymap b/debian/tests/localed-x11-keymap
new file mode 100755
index 0000000000000000000000000000000000000000..34f480809464cc41bbf5d68c88263ca20ef26ae2
--- /dev/null
+++ b/debian/tests/localed-x11-keymap
@@ -0,0 +1,52 @@
+#!/bin/sh
+set -e
+
+. `dirname $0`/assert.sh
+
+if [ -f /etc/default/keyboard ]; then
+ ORIG_KBD=`cat /etc/default/keyboard`
+else
+ ORIG_KBD=""
+fi
+
+cleanup() {
+ # reset locale to original
+ if [ -n "ORIG_KBD" ]; then
+ echo "$ORIG_KBD" > /etc/default/keyboard
+ else
+ rm -f /etc/default/keyboard
+ fi
+ rm -f /etc/X11/xorg.conf.d/00-keyboard.conf
+}
+trap cleanup EXIT INT QUIT PIPE
+
+# should activate daemon and work
+STATUS=`localectl`
+assert_in "X11 Layout:" "`localectl --no-pager`"
+
+# change layout
+assert_eq "`localectl --no-pager set-x11-keymap et pc101 2>&1`" ""
+sync
+
+if [ -n "$TEST_UPSTREAM" ]; then
+ # Upstream writes xorg.conf.d file
+ assert_in 'Option "XkbLayout" "et' "`cat /etc/X11/xorg.conf.d/00-keyboard.conf`"
+ assert_in 'Option "XkbModel" "pc101"' "`cat /etc/X11/xorg.conf.d/00-keyboard.conf`"
+else
+ # Debian console-setup config file
+ assert_in 'XKBLAYOUT="\?et"\?' "`cat /etc/default/keyboard`"
+ assert_in 'XKBMODEL="\?pc101"\?' "`cat /etc/default/keyboard`"
+
+ ! [ -f /etc/X11/xorg.conf.d/00-keyboard.conf ]
+fi
+
+STATUS=`localectl --no-pager`
+assert_in "X11 Layout: et" "$STATUS"
+assert_in "X11 Model: pc101" "$STATUS"
+
+# gets along without config file
+if [ -z "$TEST_UPSTREAM" ]; then
+ rm /etc/default/keyboard
+ systemctl stop systemd-localed
+ assert_in "X11 Layout: n/a" "`localectl --no-pager`"
+fi
diff --git a/debian/tests/logind b/debian/tests/logind
new file mode 100755
index 0000000000000000000000000000000000000000..07a658bda2e1fc6fbb35051d06c1e7ef9622a567
--- /dev/null
+++ b/debian/tests/logind
@@ -0,0 +1,204 @@
+#!/bin/sh
+set -e
+
+test_started() {
+ # ensure the *old* logind from before the upgrade isn't running
+ echo " * try-restarting systemd-logind"
+ systemctl try-restart systemd-logind
+
+ echo " * daemon is started"
+ # should start at boot, not with D-BUS activation
+ LOGINDPID=$(pidof systemd-logind)
+
+ # loginctl should succeed
+ echo " * loginctl succeeds"
+ LOGINCTL_OUT=`loginctl`
+}
+
+test_properties() {
+ # Default KillUserProcesses should be off for debian/ubuntu builds
+ r=$(busctl get-property org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager KillUserProcesses)
+ [ "$r" = "b false" ]
+}
+
+# args: <timeout>
+wait_suspend() {
+ timeout=$1
+ while [ $timeout -gt 0 ] && [ ! -e /run/suspend.flag ]; do
+ sleep 1
+ timeout=$((timeout - 1))
+ [ $(($timeout % 5)) -ne 0 ] || echo " waiting for suspend, ${timeout}s remaining..."
+ done
+ if [ ! -e /run/suspend.flag ]; then
+ echo "closing lid did not cause suspend" >&2
+ exit 1
+ fi
+ rm /run/suspend.flag
+ echo " * closing lid caused suspend"
+}
+
+test_suspend_on_lid() {
+ if systemd-detect-virt --quiet --container; then
+ echo " * Skipping suspend test in container"
+ return
+ fi
+ if ! grep -q mem /sys/power/state; then
+ echo " * suspend not supported on this testbed, skipping"
+ return
+ fi
+
+ # cleanup handler
+ trap 'rm -f /run/udev/rules.d/70-logindtest-*.rules; udevadm control --reload;
+ kill $KILL_PID;
+ rm /run/systemd/system/systemd-suspend.service;
+ if [ -d /sys/module/scsi_debug ]; then rmmod scsi_debug 2>/dev/null || (sleep 2; rmmod scsi_debug ) || true; fi' \
+ EXIT INT QUIT TERM PIPE
+
+ # watch what's going on
+ journalctl -f -u systemd-logind.service &
+ KILL_PID="$KILL_PID $!"
+
+ # create fake suspend
+ UNIT=$(systemctl show -pFragmentPath --value systemd-suspend.service)
+ sed '/^ExecStart=/ s_=.*$_=/bin/touch /run/suspend.flag_' $UNIT > /run/systemd/system/systemd-suspend.service
+ sync
+ systemctl daemon-reload
+
+ # create fake lid switch
+ mkdir -p /run/udev/rules.d
+ echo 'SUBSYSTEM=="input", KERNEL=="event*", ATTRS{name}=="Fake Lid Switch", TAG+="power-switch"' \
+ > /run/udev/rules.d/70-logindtest-lid.rules
+ sync
+ udevadm control --reload
+ evemu-device $(dirname $0)/lidswitch.evemu &
+ KILL_PID="$KILL_PID $!"
+ while [ -z "$O" ]; do
+ sleep 0.1
+ O=$(grep -l '^Fake Lid Switch' /sys/class/input/*/device/name)
+ done
+ O=${O%/device/name}
+ LID_DEV=/dev/${O#/sys/class/}
+
+ # close lid
+ evemu-event $LID_DEV --sync --type 5 --code 0 --value 1
+ # need to wait for 30s suspend inhibition after boot
+ wait_suspend 31
+ # open lid again
+ evemu-event $LID_DEV --sync --type 5 --code 0 --value 0
+
+ echo " * waiting for 30s inhibition time between suspends"
+ sleep 30
+
+ # now closing lid should cause instant suspend
+ evemu-event $LID_DEV --sync --type 5 --code 0 --value 1
+ wait_suspend 2
+ evemu-event $LID_DEV --sync --type 5 --code 0 --value 0
+
+ P=$(pidof systemd-logind)
+ [ "$P" = "$LOGINDPID" ] || { echo "logind crashed" >&2; exit 1; }
+}
+
+test_shutdown() {
+ echo " * scheduled shutdown with wall message"
+ shutdown 2>&1
+ sleep 5
+ shutdown -c || true
+ # logind should still be running
+ P=$(pidof systemd-logind)
+ [ "$P" = "$LOGINDPID" ] || { echo "logind crashed" >&2; exit 1; }
+
+ echo " * scheduled shutdown without wall message"
+ shutdown --no-wall 2>&1
+ sleep 5
+ shutdown -c --no-wall || true
+ P=$(pidof systemd-logind)
+ [ "$P" = "$LOGINDPID" ] || { echo "logind crashed" >&2; exit 1; }
+}
+
+test_in_logind_session() {
+ echo " * XDG_SESSION_ID=$XDG_SESSION_ID"
+ # cgroup v1: "1:name=systemd:/user.slice/..."; unified hierarchy: "0::/user.slice"
+ if grep -E '(name=systemd|^0:):.*session.*scope' /proc/self/cgroup; then
+ echo " * process is in session cgroup"
+ else
+ echo "FAIL: process is not in session cgroup"
+ echo "/proc/self/cgroup:"
+ cat /proc/self/cgroup
+ loginctl
+ loginctl show-session "$XDG_SESSION_ID"
+ exit 1
+ fi
+}
+
+test_acl() {
+ # ACL tests
+ if ! echo "$LOGINCTL_OUT" | grep -q "seat0"; then
+ echo " * Skipping ACL tests, as there is no seat"
+ return
+ fi
+ if systemd-detect-virt --quiet --container; then
+ echo " * Skipping ACL tests in container"
+ return
+ fi
+
+ # determine user
+ USER=`echo "$OUT" | grep seat0 | awk '{print $3}'`
+ echo "seat user: $USER"
+
+ # scsi_debug should not be loaded yet
+ ! test -d /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*:*/block
+
+ # we use scsi_debug to create new devices which we can put ACLs on
+ # tell udev about the tagging, so that logind can pick it up
+ cat <<EOF > /run/udev/rules.d/70-logindtest-scsi_debug-user.rules
+SUBSYSTEM=="block", ATTRS{model}=="scsi_debug*", TAG+="uaccess"
+EOF
+ sync
+ udevadm control --reload
+
+ echo " * coldplug: logind started with existing device"
+ killall systemd-logind
+ modprobe scsi_debug
+ while ! dev=/dev/`ls /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*:*/block 2>/dev/null`; do sleep 0.1; done
+ test -b $dev
+ echo "got block device $dev"
+ udevadm settle
+ # trigger logind
+ loginctl > /dev/null
+ sleep 1
+ if getfacl -p $dev | grep -q "user:$USER:rw-"; then
+ echo "$dev has ACL for user $USER"
+ else
+ echo "$dev has no ACL for user $USER:" >&2
+ getfacl -p $dev >&2
+ exit 1
+ fi
+
+ rmmod scsi_debug
+
+ echo " * hotplug: new device appears while logind is running"
+ modprobe scsi_debug
+ while ! dev=/dev/`ls /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*:*/block`; do sleep 0.1; done
+ test -b $dev
+ echo "got block device $dev"
+ udevadm settle
+ sleep 1
+ if getfacl -p $dev | grep -q "user:$USER:rw-"; then
+ echo "$dev has ACL for user $USER"
+ else
+ echo "$dev has no ACL for user $USER:" >&2
+ getfacl -p $dev >&2
+ exit 1
+ fi
+}
+
+#
+# main
+#
+
+test_started
+test_properties
+test_in_logind_session
+test_suspend_on_lid
+test_shutdown
+test_acl
diff --git a/debian/tests/process-killer b/debian/tests/process-killer
new file mode 100755
index 0000000000000000000000000000000000000000..6ca10b8d91535687b0cd180c356c35a4726777e2
--- /dev/null
+++ b/debian/tests/process-killer
@@ -0,0 +1,9 @@
+#!/bin/sh
+# loop until we can kill the process given in arg
+
+while :
+do
+ /usr/bin/pkill -x $*
+ [ $? -eq 0 ] && break
+ sleep 1
+done
diff --git a/debian/tests/root-unittests b/debian/tests/root-unittests
new file mode 100644
index 0000000000000000000000000000000000000000..96416e286a2ad3c85cedd0e4bcdc1f3bf2c29f4c
--- /dev/null
+++ b/debian/tests/root-unittests
@@ -0,0 +1,26 @@
+#!/bin/sh
+set -eu
+
+EXFAIL=""
+
+res=0
+for t in /usr/lib/systemd/tests/test-*; do
+ tname=$(basename $t)
+ # test-udev needs special prep and has its own test
+ [ "$tname" != test-udev ] || continue
+ echo "====== $tname ======="
+ # exit code 77 means "skip"
+ rc=0
+ $t || rc=$?
+ if [ "$rc" = 0 ]; then
+ echo "PASS: $tname"
+ elif [ "$rc" = 77 ]; then
+ echo "SKIP: $tname"
+ elif [ "${EXFAIL%$tname*}" != "$EXFAIL" ]; then
+ echo "EXFAIL: $tname"
+ else
+ echo "FAIL: $tname (code: $rc)"
+ res=$rc
+ fi
+done
+exit $res
diff --git a/debian/tests/storage b/debian/tests/storage
new file mode 100755
index 0000000000000000000000000000000000000000..d3861a7df766463d43bc4f6acce8cd02b8f6dd76
--- /dev/null
+++ b/debian/tests/storage
@@ -0,0 +1,238 @@
+#!/usr/bin/env python3
+# systemd integration test: Handling of storage devices
+# (C) 2015 Canonical Ltd.
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+
+import os
+import sys
+import unittest
+import subprocess
+import time
+import random
+from glob import glob
+
+
+@unittest.skipIf(os.path.isdir('/sys/module/scsi_debug'),
+ 'The scsi_debug module is already loaded')
+class FakeDriveTestBase(unittest.TestCase):
+ @classmethod
+ def setUpClass(klass):
+ # create a fake SCSI hard drive
+ subprocess.check_call(['modprobe', 'scsi_debug'])
+ # wait until drive got created
+ sys_dirs = []
+ while not sys_dirs:
+ sys_dirs = glob('/sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*:*/block')
+ time.sleep(0.1)
+ assert len(sys_dirs) == 1
+ devs = os.listdir(sys_dirs[0])
+ assert len(devs) == 1
+ klass.device = '/dev/' + devs[0]
+
+ def tearDown(self):
+ # clear drive
+ with open(self.device, 'wb') as f:
+ block = b'0' * 1048576
+ try:
+ while True:
+ f.write(block)
+ except OSError:
+ pass
+ subprocess.check_call(['udevadm', 'settle'])
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+
+
+class CryptsetupTest(FakeDriveTestBase):
+ def setUp(self):
+ self.plaintext_name = 'testcrypt1'
+ self.plaintext_dev = '/dev/mapper/' + self.plaintext_name
+ if os.path.exists(self.plaintext_dev):
+ self.fail('%s exists already' % self.plaintext_dev)
+
+ super().setUp()
+
+ if os.path.exists('/etc/crypttab'):
+ os.rename('/etc/crypttab', '/etc/crypttab.systemdtest')
+ self.password = 'pwd%i' % random.randint(1000, 10000)
+ self.password_agent = None
+
+ def tearDown(self):
+ if self.password_agent:
+ os.kill(self.password_agent, 9)
+ os.waitpid(self.password_agent, 0)
+ self.password_agent = None
+ subprocess.call(['umount', self.plaintext_dev], stderr=subprocess.DEVNULL)
+ subprocess.call(['systemctl', 'stop', 'systemd-cryptsetup@%s.service' % self.plaintext_name],
+ stderr=subprocess.STDOUT)
+ if os.path.exists('/etc/crypttab'):
+ os.unlink('/etc/crypttab')
+ if os.path.exists('/etc/crypttab.systemdtest'):
+ os.rename('/etc/crypttab.systemdtest', '/etc/crypttab')
+
+ super().tearDown()
+
+ def format_luks(self):
+ '''Format test device with LUKS'''
+
+ p = subprocess.Popen(['cryptsetup', '--batch-mode', 'luksFormat', self.device, '-'],
+ stdin=subprocess.PIPE)
+ p.communicate(self.password.encode())
+ self.assertEqual(p.returncode, 0)
+ os.sync()
+ subprocess.check_call(['udevadm', 'settle'])
+
+ def start_password_agent(self):
+ '''Run password agent to answer passphrase request for crypt device'''
+
+ pid = os.fork()
+ if pid > 0:
+ self.password_agent = pid
+ return
+
+ # wait for incoming request
+ found = False
+ while not found:
+ for ask in glob('/run/systemd/ask-password/ask.*'):
+ with open(ask) as f:
+ contents = f.read()
+ if 'disk scsi_debug' in contents and self.plaintext_name in contents:
+ found = True
+ break
+ if not found:
+ time.sleep(0.5)
+
+ # parse Socket=
+ for line in contents.splitlines():
+ if line.startswith('Socket='):
+ socket = line.split('=', 1)[1]
+ break
+
+ # send reply
+ p = subprocess.Popen(['/lib/systemd/systemd-reply-password', '1', socket],
+ stdin=subprocess.PIPE)
+ p.communicate(self.password.encode())
+ assert p.returncode == 0
+
+ os._exit(0)
+
+ def apply(self, target):
+ '''Tell systemd to generate and run the cryptsetup units'''
+
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+
+ self.start_password_agent()
+ subprocess.check_call(['systemctl', 'restart', target])
+ for timeout in range(50):
+ if os.path.exists(self.plaintext_dev):
+ break
+ time.sleep(0.1)
+ else:
+ self.fail('timed out for %s to appear' % self.plaintext_dev)
+
+ def test_luks_by_devname(self):
+ '''LUKS device by plain device name, empty'''
+
+ self.format_luks()
+ with open('/etc/crypttab', 'w') as f:
+ f.write('%s %s none luks\n' % (self.plaintext_name, self.device))
+ self.apply('cryptsetup.target')
+
+ # should not be mounted
+ with open('/proc/mounts') as f:
+ self.assertNotIn(self.plaintext_name, f.read())
+
+ # device should not have anything on it
+ p = subprocess.Popen(['blkid', self.plaintext_dev], stdout=subprocess.PIPE)
+ out = p.communicate()[0]
+ self.assertEqual(out, b'')
+ self.assertNotEqual(p.returncode, 0)
+
+ def test_luks_by_uuid(self):
+ '''LUKS device by UUID, empty'''
+
+ self.format_luks()
+ uuid = subprocess.check_output(['blkid', '-ovalue', '-sUUID', self.device],
+ universal_newlines=True).strip()
+ with open('/etc/crypttab', 'w') as f:
+ f.write('%s UUID=%s none luks\n' % (self.plaintext_name, uuid))
+ self.apply('cryptsetup.target')
+
+ # should not be mounted
+ with open('/proc/mounts') as f:
+ self.assertNotIn(self.plaintext_name, f.read())
+
+ # device should not have anything on it
+ p = subprocess.Popen(['blkid', self.plaintext_dev], stdout=subprocess.PIPE)
+ out = p.communicate()[0]
+ self.assertEqual(out, b'')
+ self.assertNotEqual(p.returncode, 0)
+
+ def test_luks_swap(self):
+ '''LUKS device with "swap" option'''
+
+ self.format_luks()
+ with open('/etc/crypttab', 'w') as f:
+ f.write('%s %s none luks,swap\n' % (self.plaintext_name, self.device))
+ self.apply('cryptsetup.target')
+
+ # should not be mounted
+ with open('/proc/mounts') as f:
+ self.assertNotIn(self.plaintext_name, f.read())
+
+ # device should be formatted with swap
+ out = subprocess.check_output(['blkid', '-ovalue', '-sTYPE', self.plaintext_dev])
+ self.assertEqual(out, b'swap\n')
+
+ def test_luks_tmp(self):
+ '''LUKS device with "tmp" option'''
+
+ self.format_luks()
+ with open('/etc/crypttab', 'w') as f:
+ f.write('%s %s none luks,tmp\n' % (self.plaintext_name, self.device))
+ self.apply('cryptsetup.target')
+
+ # should not be mounted
+ with open('/proc/mounts') as f:
+ self.assertNotIn(self.plaintext_name, f.read())
+
+ # device should be formatted with ext2
+ out = subprocess.check_output(['blkid', '-ovalue', '-sTYPE', self.plaintext_dev])
+ self.assertEqual(out, b'ext2\n')
+
+ def test_luks_fstab(self):
+ '''LUKS device in /etc/fstab'''
+
+ self.format_luks()
+ with open('/etc/crypttab', 'w') as f:
+ f.write('%s %s none luks,tmp\n' % (self.plaintext_name, self.device))
+
+ mountpoint = '/run/crypt1.systemdtest'
+ os.mkdir(mountpoint)
+ self.addCleanup(os.rmdir, mountpoint)
+ os.rename('/etc/fstab', '/etc/fstab.systemdtest')
+ self.addCleanup(os.rename, '/etc/fstab.systemdtest', '/etc/fstab')
+ with open('/etc/fstab', 'a') as f:
+ with open('/etc/fstab.systemdtest') as forig:
+ f.write(forig.read())
+ f.write('%s %s ext2 defaults 0 0\n' % (self.plaintext_dev, mountpoint))
+
+ # this should now be a requirement of local-fs.target
+ self.apply('local-fs.target')
+
+ # should be mounted
+ found = False
+ with open('/proc/mounts') as f:
+ for line in f:
+ fields = line.split()
+ if fields[0] == self.plaintext_dev:
+ self.assertEqual(fields[1], mountpoint)
+ self.assertEqual(fields[2], 'ext2')
+ found = True
+ break
+ if not found:
+ self.fail('%s is not mounted' % self.plaintext_dev)
+
+
+if __name__ == '__main__':
+ unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout,
+ verbosity=2))
diff --git a/debian/tests/systemd-fsckd b/debian/tests/systemd-fsckd
new file mode 100755
index 0000000000000000000000000000000000000000..b71a8dc26017bdb558d42d93e550777a79004b38
--- /dev/null
+++ b/debian/tests/systemd-fsckd
@@ -0,0 +1,297 @@
+#!/usr/bin/python3
+# autopkgtest check: Ensure that systemd-fsckd can report progress and cancel
+# (C) 2015 Canonical Ltd.
+# Author: Didier Roche <didrocks@ubuntu.com>
+
+from contextlib import suppress
+import inspect
+import fileinput
+import os
+import subprocess
+import shutil
+import stat
+import sys
+import unittest
+from time import sleep, time
+
+GRUB_AUTOPKGTEST_CONFIG_PATH = "/etc/default/grub.d/50-cloudimg-settings.cfg"
+TEST_AUTOPKGTEST_CONFIG_PATH = "/etc/default/grub.d/99-fsckdtest.cfg"
+
+SYSTEMD_ETC_SYSTEM_UNIT_DIR = "/etc/systemd/system/"
+SYSTEMD_PROCESS_KILLER_PATH = os.path.join(SYSTEMD_ETC_SYSTEM_UNIT_DIR, "process-killer.service")
+
+SYSTEMD_FSCK_ROOT_PATH = "/lib/systemd/system/systemd-fsck-root.service"
+SYSTEMD_FSCK_ROOT_ENABLE_PATH = os.path.join(SYSTEMD_ETC_SYSTEM_UNIT_DIR, 'local-fs.target.wants/systemd-fsck-root.service')
+
+SYSTEM_FSCK_PATH = '/sbin/fsck'
+PROCESS_KILLER_PATH = '/sbin/process-killer'
+SAVED_FSCK_PATH = "{}.real".format(SYSTEM_FSCK_PATH)
+
+FSCKD_TIMEOUT = 30
+
+
+class FsckdTest(unittest.TestCase):
+ '''Check that we run, report and can cancel fsck'''
+
+ def __init__(self, test_name, after_reboot, return_code):
+ super().__init__(test_name)
+ self._test_name = test_name
+ self._after_reboot = after_reboot
+ self._return_code = return_code
+
+ def setUp(self):
+ super().setUp()
+ # ensure we have our root fsck enabled by default (it detects it runs in a vm and doesn't pull the target)
+ # note that it can already exists in case of a reboot (as there was no tearDown as we wanted)
+ os.makedirs(os.path.dirname(SYSTEMD_FSCK_ROOT_ENABLE_PATH), exist_ok=True)
+ with suppress(FileExistsError):
+ os.symlink(SYSTEMD_FSCK_ROOT_PATH, SYSTEMD_FSCK_ROOT_ENABLE_PATH)
+ enable_plymouth()
+
+ # note that the saved real fsck can still exists in case of a reboot (as there was no tearDown as we wanted)
+ if not os.path.isfile(SAVED_FSCK_PATH):
+ os.rename(SYSTEM_FSCK_PATH, SAVED_FSCK_PATH)
+
+ # install mock fsck and killer
+ self.install_bin(os.path.join(os.path.dirname(os.path.realpath(__file__)), 'fsck'),
+ SYSTEM_FSCK_PATH)
+ self.install_bin(os.path.join(os.path.dirname(os.path.realpath(__file__)), 'process-killer'),
+ PROCESS_KILLER_PATH)
+
+ self.files_to_clean = [SYSTEMD_FSCK_ROOT_ENABLE_PATH, SYSTEM_FSCK_PATH, SYSTEMD_PROCESS_KILLER_PATH, PROCESS_KILLER_PATH]
+
+ def tearDown(self):
+ # tearDown is only called once the test really ended (not while rebooting during tests)
+ for f in self.files_to_clean:
+ with suppress(FileNotFoundError):
+ os.remove(f)
+ os.rename(SAVED_FSCK_PATH, SYSTEM_FSCK_PATH)
+ super().tearDown()
+
+ def test_fsckd_run(self):
+ '''Ensure we can reboot after a fsck was processed'''
+ if not self._after_reboot:
+ self.reboot()
+ else:
+ self.assertFsckdStop()
+ self.assertFsckProceeded()
+ self.assertSystemRunning()
+
+ def test_fsckd_run_without_plymouth(self):
+ '''Ensure we can reboot without plymouth after a fsck was processed'''
+ if not self._after_reboot:
+ enable_plymouth(enable=False)
+ self.reboot()
+ else:
+ self.assertFsckdStop()
+ self.assertFsckProceeded(with_plymouth=False)
+ self.assertSystemRunning()
+
+ def test_fsck_with_failure(self):
+ '''Ensure that a failing fsck doesn't prevent fsckd to stop'''
+ if not self._after_reboot:
+ self.install_process_killer_unit('fsck')
+ self.reboot()
+ else:
+ self.assertFsckdStop()
+ self.assertWasRunning('process-killer')
+ self.assertFalse(self.is_failed_unit('process-killer'))
+ self.assertFsckProceeded()
+ self.assertSystemRunning()
+
+ def test_systemd_fsck_with_failure(self):
+ '''Ensure that a failing systemd-fsck doesn't prevent fsckd to stop'''
+ if not self._after_reboot:
+ self.install_process_killer_unit('systemd-fsck', kill=True)
+ self.reboot()
+ else:
+ self.assertFsckdStop()
+ self.assertProcessKilled()
+ self.assertTrue(self.is_failed_unit('systemd-fsck-root'))
+ self.assertWasRunning('systemd-fsckd')
+ self.assertWasRunning('plymouth-start')
+ self.assertSystemRunning()
+
+ def test_systemd_fsckd_with_failure(self):
+ '''Ensure that a failing systemd-fsckd doesn't prevent system to boot'''
+ if not self._after_reboot:
+ self.install_process_killer_unit('systemd-fsckd', kill=True)
+ self.reboot()
+ else:
+ self.assertFsckdStop()
+ self.assertProcessKilled()
+ self.assertFalse(self.is_failed_unit('systemd-fsck-root'))
+ self.assertTrue(self.is_failed_unit('systemd-fsckd'))
+ self.assertWasRunning('plymouth-start')
+ self.assertSystemRunning()
+
+ def test_systemd_fsck_with_plymouth_failure(self):
+ '''Ensure that a failing plymouth doesn't prevent fsckd to reconnect/exit'''
+ if not self._after_reboot:
+ self.install_process_killer_unit('plymouthd', kill=True)
+ self.reboot()
+ else:
+ self.assertFsckdStop()
+ self.assertWasRunning('process-killer')
+ self.assertFsckProceeded()
+ self.assertFalse(self.is_active_unit('plymouth-start'))
+ self.assertSystemRunning()
+
+ def install_bin(self, source, dest):
+ '''install mock fsck'''
+ shutil.copy2(source, dest)
+ st = os.stat(dest)
+ os.chmod(dest, st.st_mode | stat.S_IEXEC)
+
+ def is_active_unit(self, unit):
+ '''Check that given unit is active'''
+
+ return subprocess.call(['systemctl', 'status', unit],
+ stdout=subprocess.PIPE) == 0
+
+ def is_failed_unit(self, unit):
+ '''Check that given unit failed'''
+
+ p = subprocess.Popen(['systemctl', 'is-active', unit], stdout=subprocess.PIPE)
+ out, err = p.communicate()
+ if b'failed' in out:
+ return True
+ return False
+
+ def assertWasRunning(self, unit, expect_running=True):
+ '''Assert that a given unit has been running'''
+ p = subprocess.Popen(['systemctl', 'status', '--no-pager', unit],
+ stdout=subprocess.PIPE, universal_newlines=True)
+ out = p.communicate()[0].strip()
+ if expect_running:
+ self.assertRegex(out, 'Active:.*since')
+ else:
+ self.assertNotRegex(out, 'Active:.*since')
+ self.assertIn(p.returncode, (0, 3))
+
+ def assertFsckdStop(self):
+ '''Ensure systemd-fsckd stops, which indicates no more fsck activity'''
+ timeout = time() + FSCKD_TIMEOUT
+ while time() < timeout:
+ if not self.is_active_unit('systemd-fsckd'):
+ return
+ sleep(1)
+ raise Exception("systemd-fsckd still active after {}s".format(FSCKD_TIMEOUT))
+
+ def assertFsckProceeded(self, with_plymouth=True):
+ '''Assert we executed most of the fsck-related services successfully'''
+ self.assertWasRunning('systemd-fsckd')
+ self.assertFalse(self.is_failed_unit('systemd-fsckd'))
+ self.assertTrue(self.is_active_unit('systemd-fsck-root')) # remains active after exit
+ if with_plymouth:
+ self.assertWasRunning('plymouth-start')
+ else:
+ self.assertWasRunning('plymouth-start', expect_running=False)
+
+ def assertSystemRunning(self):
+ '''Assert that the system is running'''
+
+ self.assertTrue(self.is_active_unit('default.target'))
+
+ def assertProcessKilled(self):
+ '''Assert the targeted process was killed successfully'''
+ self.assertWasRunning('process-killer')
+ self.assertFalse(self.is_failed_unit('process-killer'))
+
+ def reboot(self):
+ '''Reboot the system with the current test marker'''
+ subprocess.check_call(['/tmp/autopkgtest-reboot', "{}:{}".format(self._test_name, self._return_code)])
+
+ def install_process_killer_unit(self, process_name, kill=False):
+ '''Create a systemd unit which will kill process_name'''
+ with open(SYSTEMD_PROCESS_KILLER_PATH, 'w') as f:
+ f.write('''[Unit]
+DefaultDependencies=no
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/timeout 10 {} {}
+
+[Install]
+WantedBy=systemd-fsck-root.service'''.format(PROCESS_KILLER_PATH,
+ '--signal SIGKILL {}'.format(process_name) if kill else process_name))
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+ subprocess.check_call(['systemctl', 'enable', 'process-killer'], stderr=subprocess.DEVNULL)
+
+
+def enable_plymouth(enable=True):
+ '''ensure plymouth is enabled in grub config (doesn't reboot)'''
+ plymouth_enabled = 'splash' in open('/boot/grub/grub.cfg').read()
+ if enable and not plymouth_enabled:
+ if os.path.exists(GRUB_AUTOPKGTEST_CONFIG_PATH):
+ shutil.copy2(GRUB_AUTOPKGTEST_CONFIG_PATH, TEST_AUTOPKGTEST_CONFIG_PATH)
+ for line in fileinput.input([TEST_AUTOPKGTEST_CONFIG_PATH], inplace=True):
+ if line.startswith("GRUB_CMDLINE_LINUX_DEFAULT"):
+ print(line[:line.rfind('"')] + ' splash quiet"\n')
+ else:
+ os.makedirs(os.path.dirname(TEST_AUTOPKGTEST_CONFIG_PATH), exist_ok=True)
+ with open(TEST_AUTOPKGTEST_CONFIG_PATH, 'w') as f:
+ f.write('GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0 splash quiet"\n')
+ elif not enable and plymouth_enabled:
+ with suppress(FileNotFoundError):
+ os.remove(TEST_AUTOPKGTEST_CONFIG_PATH)
+ subprocess.check_call(['update-grub'], stderr=subprocess.DEVNULL)
+
+
+def boot_with_systemd_distro():
+ '''Reboot with systemd as init and distro setup for grub'''
+ enable_plymouth()
+ subprocess.check_call(['/tmp/autopkgtest-reboot', 'systemd-started'])
+
+
+def getAllTests(unitTestClass):
+ '''get all test names in predictable sorted order from unitTestClass'''
+ return sorted([test[0] for test in inspect.getmembers(unitTestClass, predicate=inspect.isfunction)
+ if test[0].startswith('test_')])
+
+
+# ADT_REBOOT_MARK contains the test name to pursue after reboot
+# (to check results and states after reboot, mostly).
+# we append the previous global return code (0 or 1) to it.
+# Example: ADT_REBOOT_MARK=test_foo:0
+if __name__ == '__main__':
+ if os.path.exists('/run/initramfs/fsck-root'):
+ print('SKIP: root file system is being checked by initramfs already')
+ sys.exit(0)
+
+ all_tests = getAllTests(FsckdTest)
+ reboot_marker = os.getenv('ADT_REBOOT_MARK')
+
+ current_test_after_reboot = ""
+ if not reboot_marker:
+ boot_with_systemd_distro()
+
+ # first test
+ if reboot_marker == "systemd-started":
+ current_test = all_tests[0]
+ return_code = 0
+ else:
+ (current_test_after_reboot, return_code) = reboot_marker.split(':')
+ current_test = current_test_after_reboot
+ return_code = int(return_code)
+
+ # loop on remaining tests to run
+ try:
+ remaining_tests = all_tests[all_tests.index(current_test):]
+ except ValueError:
+ print("Invalid value for ADT_REBOOT_MARK, {} is not a valid test name".format(reboot_marker))
+ sys.exit(2)
+
+ # run all remaining tests
+ for test_name in remaining_tests:
+ after_reboot = False
+ # if this tests needed a reboot (and it has been performed), executes second part of it
+ if test_name == current_test_after_reboot:
+ after_reboot = True
+ suite = unittest.TestSuite()
+ suite.addTest(FsckdTest(test_name, after_reboot, return_code))
+ result = unittest.TextTestRunner(stream=sys.stdout, verbosity=2).run(suite)
+ if len(result.failures) != 0 or len(result.errors) != 0:
+ return_code = 1
+
+ sys.exit(return_code)
diff --git a/debian/tests/timedated b/debian/tests/timedated
new file mode 100755
index 0000000000000000000000000000000000000000..52df8cfc70a16547318d9034749be43d92e63064
--- /dev/null
+++ b/debian/tests/timedated
@@ -0,0 +1,136 @@
+#!/bin/sh
+set -e
+
+. `dirname $0`/assert.sh
+
+ORIG_TZ=`grep -v '^#' /etc/timezone`
+echo "original tz: $ORIG_TZ"
+
+echo 'timedatectl works'
+assert_in "Local time:" "`timedatectl --no-pager`"
+
+echo 'change timezone'
+assert_eq "`timedatectl --no-pager set-timezone Europe/Moscow 2>&1`" ""
+assert_eq "`readlink /etc/localtime | sed 's#^.*zoneinfo/##'`" "Europe/Moscow"
+[ -n "$TEST_UPSTREAM" ] || assert_eq "`cat /etc/timezone`" "Europe/Moscow"
+assert_in "Time.*zone: Europe/Moscow (MSK, +" "`timedatectl --no-pager`"
+
+echo 'reset timezone to original'
+assert_eq "`timedatectl --no-pager set-timezone $ORIG_TZ 2>&1`" ""
+assert_eq "`readlink /etc/localtime | sed 's#^.*zoneinfo/##'`" "$ORIG_TZ"
+[ -n "$TEST_UPSTREAM" ] || assert_eq "`cat /etc/timezone`" "$ORIG_TZ"
+
+# test setting UTC vs. LOCAL in /etc/adjtime
+if [ -e /etc/adjtime ]; then
+ ORIG_ADJTIME=`cat /etc/adjtime`
+ trap "echo '$ORIG_ADJTIME' > /etc/adjtime" EXIT INT QUIT PIPE
+else
+ trap "rm -f /etc/adjtime" EXIT INT QUIT PIPE
+fi
+
+echo 'no adjtime file'
+rm -f /etc/adjtime
+timedatectl set-local-rtc 0
+assert_true '[ ! -e /etc/adjtime ]'
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL"
+timedatectl set-local-rtc 0
+assert_true '[ ! -e /etc/adjtime ]'
+
+echo 'UTC set in adjtime file'
+printf '0.0 0 0\n0\nUTC\n' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+UTC"
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL"
+
+echo 'non-zero values in adjtime file'
+printf '0.1 123 0\n0\nLOCAL\n' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_eq "`cat /etc/adjtime`" "0.1 123 0
+0
+UTC"
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.1 123 0
+0
+LOCAL"
+
+echo 'fourth line adjtime file'
+printf '0.0 0 0\n0\nLOCAL\nsomethingelse\n' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+UTC
+somethingelse"
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL
+somethingelse"
+
+echo 'no final newline in adjtime file'
+printf '0.0 0 0\n0\nUTC' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_true '[ ! -e /etc/adjtime ]'
+printf '0.0 0 0\n0\nUTC' > /etc/adjtime
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL"
+
+echo 'only one line in adjtime file'
+printf '0.0 0 0\n' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_true '[ ! -e /etc/adjtime ]'
+printf '0.0 0 0\n' > /etc/adjtime
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL"
+
+echo 'only one line in adjtime file, no final newline'
+printf '0.0 0 0' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_true '[ ! -e /etc/adjtime ]'
+printf '0.0 0 0' > /etc/adjtime
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL"
+
+echo 'only two lines in adjtime file'
+printf '0.0 0 0\n0\n' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_true '[ ! -e /etc/adjtime ]'
+printf '0.0 0 0\n0\n' > /etc/adjtime
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL"
+
+
+echo 'only two lines in adjtime file, no final newline'
+printf '0.0 0 0\n0' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_true '[ ! -e /etc/adjtime ]'
+printf '0.0 0 0\n0' > /etc/adjtime
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL"
+
+echo 'unknown value in 3rd line of adjtime file'
+printf '0.0 0 0\n0\nFOO\n' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_true '[ ! -e /etc/adjtime ]'
+printf '0.0 0 0\n0\nFOO\n' > /etc/adjtime
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL"
diff --git a/debian/tests/udev b/debian/tests/udev
new file mode 100755
index 0000000000000000000000000000000000000000..9ef538492f2d38438994feb3e581e81a9d9e5bde
--- /dev/null
+++ b/debian/tests/udev
@@ -0,0 +1,13 @@
+#!/bin/sh
+# autopkgtest check: Run upstream udev test script
+# (C) 2016 Canonical Ltd.
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+set -euC
+
+TEST_DIR=${ADTTMP:=$(mktemp -d)}
+mkdir -p $TEST_DIR/test
+test/sys-script.py $TEST_DIR/test
+cp test/udev-test.pl $TEST_DIR
+cp /usr/lib/systemd/tests/manual/test-udev $TEST_DIR
+cd $TEST_DIR
+./udev-test.pl
diff --git a/debian/tests/unit-config b/debian/tests/unit-config
new file mode 100755
index 0000000000000000000000000000000000000000..1cfa4d432ae8182760a898f0b0473355fbaec7e8
--- /dev/null
+++ b/debian/tests/unit-config
@@ -0,0 +1,369 @@
+#!/usr/bin/python3
+# autopkgtest check: enable/disable/configure units
+# (C) 2015 Canonical Ltd.
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+
+import unittest
+import subprocess
+import os
+import sys
+import tempfile
+from glob import glob
+
+system_unit_dir = subprocess.check_output(
+ ['pkg-config', '--variable=systemdsystemunitdir', 'systemd'],
+ universal_newlines=True).strip()
+systemd_sysv_install = os.path.join(os.path.dirname(system_unit_dir),
+ 'systemd-sysv-install')
+
+
+class EnableTests(unittest.TestCase):
+ def tearDown(self):
+ # remove all traces from our test unit
+ f = glob(system_unit_dir + '/test_enable*.service')
+ f += glob(system_unit_dir + '/*/test_enable*.service')
+ f += glob('/etc/systemd/system/test_enable*.service')
+ f += glob('/etc/systemd/system/*/test_enable*.service')
+ f += glob('/etc/init.d/test_enable*')
+ f += glob('/etc/rc?.d/???test_enable*')
+ [os.unlink(i) for i in f]
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+
+ def create_unit(self, suffix='', enable=False):
+ '''Create a test unit'''
+
+ unit = os.path.join(system_unit_dir,
+ 'test_enable%s.service' % suffix)
+ with open(unit, 'w') as f:
+ f.write('''[Unit]
+Description=Testsuite unit %s
+[Service]
+ExecStart=/bin/echo hello
+[Install]
+WantedBy=multi-user.target
+''' % suffix)
+
+ if enable:
+ os.symlink(unit, '/etc/systemd/system/multi-user.target.wants/' +
+ os.path.basename(unit))
+
+ return unit
+
+ def create_sysv(self, suffix='', enable=False):
+ '''Create a test SysV script'''
+
+ script = '/etc/init.d/test_enable%s' % suffix
+ with open(script, 'w') as f:
+ f.write('''/bin/sh
+### BEGIN INIT INFO
+# Provides: test_enable%s
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Testsuite script%s
+### END INIT INFO
+
+echo hello
+''' % (suffix, suffix))
+ os.chmod(script, 0o755)
+
+ if enable:
+ subprocess.check_call(
+ [systemd_sysv_install, 'enable', os.path.basename(script)])
+
+ def assertEnabled(self, enabled, unit='test_enable.service'):
+ '''assert that given unit has expected state'''
+
+ systemctl = subprocess.Popen(['systemctl', 'is-enabled', unit],
+ stdout=subprocess.PIPE,
+ universal_newlines=True)
+ out = systemctl.communicate()[0].strip()
+ if enabled:
+ self.assertEqual(systemctl.returncode, 0)
+ self.assertEqual(out, 'enabled')
+ else:
+ self.assertEqual(systemctl.returncode, 1)
+ self.assertEqual(out, 'disabled')
+
+ def test_unit_enable(self):
+ '''no sysv: enable unit'''
+
+ self.create_unit()
+ self.assertEnabled(False)
+ # also works without .service suffix
+ self.assertEnabled(False, unit='test_enable')
+
+ subprocess.check_call(['systemctl', 'enable', 'test_enable'])
+
+ self.assertEnabled(True)
+ # also works without .service suffix
+ self.assertEnabled(True, unit='test_enable')
+
+ l = '/etc/systemd/system/multi-user.target.wants/test_enable.service'
+ self.assertTrue(os.path.islink(l))
+ self.assertEqual(os.readlink(l),
+ system_unit_dir + '/test_enable.service')
+
+ # enable should be idempotent
+ subprocess.check_call(['systemctl', 'enable', 'test_enable.service'])
+ self.assertEnabled(True)
+
+ def test_unit_disable(self):
+ '''no sysv: disable unit'''
+
+ self.create_unit(enable=True)
+ self.assertEnabled(True)
+ # also works without .service suffix
+ self.assertEnabled(True, unit='test_enable')
+
+ subprocess.check_call(['systemctl', 'disable', 'test_enable'])
+
+ self.assertEnabled(False)
+ # also works without .service suffix
+ self.assertEnabled(False, unit='test_enable')
+
+ l = '/etc/systemd/system/multi-user.target.wants/test_enable.service'
+ self.assertFalse(os.path.islink(l))
+
+ # disable should be idempotent
+ subprocess.check_call(['systemctl', 'disable', 'test_enable.service'])
+ self.assertEnabled(False)
+
+ def test_unit_sysv_enable(self):
+ '''with sysv: enable unit'''
+
+ self.create_unit()
+ self.create_sysv()
+ self.assertEnabled(False)
+ # also works without .service suffix
+ self.assertEnabled(False, unit='test_enable')
+
+ subprocess.check_call(['systemctl', 'enable', 'test_enable'])
+
+ self.assertEnabled(True)
+ # also works without .service suffix
+ self.assertEnabled(True, unit='test_enable')
+
+ l = '/etc/systemd/system/multi-user.target.wants/test_enable.service'
+ self.assertTrue(os.path.islink(l))
+ self.assertEqual(os.readlink(l),
+ system_unit_dir + '/test_enable.service')
+
+ # enabled the sysv script
+ l = glob('/etc/rc2.d/S??test_enable')
+ self.assertEqual(len(l), 1, 'expect one symlink in %s' % repr(l))
+ self.assertEqual(os.readlink(l[0]), '../init.d/test_enable')
+
+ # enable should be idempotent
+ subprocess.check_call(['systemctl', 'enable', 'test_enable.service'])
+ self.assertEnabled(True)
+
+ def test_unit_sysv_disable(self):
+ '''with sysv: disable unit'''
+
+ self.create_unit(enable=True)
+ self.create_sysv(enable=True)
+ self.assertEnabled(True)
+ # also works without .service suffix
+ self.assertEnabled(True, unit='test_enable')
+
+ subprocess.check_call(['systemctl', 'disable', 'test_enable'])
+
+ self.assertEnabled(False)
+ # also works without .service suffix
+ self.assertEnabled(False, unit='test_enable')
+
+ l = '/etc/systemd/system/multi-user.target.wants/test_enable.service'
+ self.assertFalse(os.path.islink(l))
+
+ # disabled the sysv script
+ l = glob('/etc/rc2.d/S??test_enable')
+ self.assertEqual(l, [])
+
+ # disable should be idempotent
+ subprocess.check_call(['systemctl', 'enable', 'test_enable.service'])
+ self.assertEnabled(True)
+
+ def test_unit_alias_enable(self):
+ '''no sysv: enable unit with an alias'''
+
+ u = self.create_unit()
+ with open(u, 'a') as f:
+ f.write('Alias=test_enablea.service\n')
+
+ self.assertEnabled(False)
+
+ subprocess.check_call(['systemctl', 'enable', 'test_enable'])
+
+ self.assertEnabled(True)
+
+ # enablement symlink
+ l = '/etc/systemd/system/multi-user.target.wants/test_enable.service'
+ self.assertTrue(os.path.islink(l))
+ self.assertEqual(os.readlink(l),
+ system_unit_dir + '/test_enable.service')
+
+ # alias symlink
+ l = '/etc/systemd/system/test_enablea.service'
+ self.assertTrue(os.path.islink(l))
+ self.assertEqual(os.readlink(l),
+ system_unit_dir + '/test_enable.service')
+
+ def test_unit_alias_disable(self):
+ '''no sysv: disable unit with an alias'''
+
+ u = self.create_unit()
+ with open(u, 'a') as f:
+ f.write('Alias=test_enablea.service\n')
+ os.symlink(system_unit_dir + '/test_enable.service',
+ '/etc/systemd/system/test_enablea.service')
+
+ subprocess.check_call(['systemctl', 'disable', 'test_enable'])
+
+ self.assertEnabled(False)
+
+ # enablement symlink
+ l = '/etc/systemd/system/multi-user.target.wants/test_enable.service'
+ self.assertFalse(os.path.islink(l))
+
+ # alias symlink
+ l = '/etc/systemd/system/test_enablea.service'
+ self.assertFalse(os.path.islink(l))
+
+ def test_unit_sysv_alias_enable(self):
+ '''with sysv: enable unit with an alias'''
+
+ u = self.create_unit()
+ with open(u, 'a') as f:
+ f.write('Alias=test_enablea.service\n')
+ self.create_sysv()
+
+ self.assertEnabled(False)
+
+ subprocess.check_call(['systemctl', 'enable', 'test_enable'])
+
+ # enablement symlink
+ l = '/etc/systemd/system/multi-user.target.wants/test_enable.service'
+ self.assertTrue(os.path.islink(l))
+ self.assertEqual(os.readlink(l),
+ system_unit_dir + '/test_enable.service')
+
+ # alias symlink
+ l = '/etc/systemd/system/test_enablea.service'
+ self.assertTrue(os.path.islink(l))
+ self.assertEqual(os.readlink(l),
+ system_unit_dir + '/test_enable.service')
+
+ # enabled the sysv script
+ l = glob('/etc/rc2.d/S??test_enable')
+ self.assertEqual(len(l), 1, 'expect one symlink in %s' % repr(l))
+ self.assertEqual(os.readlink(l[0]), '../init.d/test_enable')
+
+ self.assertEnabled(True)
+
+ def test_unit_sysv_alias_disable(self):
+ '''with sysv: disable unit with an alias'''
+
+ u = self.create_unit(enable=True)
+ with open(u, 'a') as f:
+ f.write('Alias=test_enablea.service\n')
+ os.symlink(system_unit_dir + '/test_enable.service',
+ '/etc/systemd/system/test_enablea.service')
+ self.create_sysv(enable=True)
+
+ subprocess.check_call(['systemctl', 'disable', 'test_enable'])
+
+ # enablement symlink
+ l = '/etc/systemd/system/multi-user.target.wants/test_enable.service'
+ self.assertFalse(os.path.islink(l))
+
+ # alias symlink
+ l = '/etc/systemd/system/test_enablea.service'
+ self.assertFalse(os.path.islink(l))
+
+ # disabled the sysv script
+ l = glob('/etc/rc2.d/S??test_enable')
+ self.assertEqual(l, [])
+
+ self.assertEnabled(False)
+
+ def test_sysv_enable(self):
+ '''only sysv: enable'''
+
+ self.create_sysv()
+ subprocess.check_call(['systemctl', 'enable', 'test_enable'])
+
+ # enabled the sysv script
+ l = glob('/etc/rc2.d/S??test_enable')
+ self.assertEqual(len(l), 1, 'expect one symlink in %s' % repr(l))
+ self.assertEqual(os.readlink(l[0]), '../init.d/test_enable')
+
+ # enable should be idempotent
+ subprocess.check_call(['systemctl', 'enable', 'test_enable'])
+ self.assertEnabled(True)
+
+ def test_sysv_disable(self):
+ '''only sysv: disable'''
+
+ self.create_sysv(enable=True)
+ subprocess.check_call(['systemctl', 'disable', 'test_enable'])
+
+ # disabled the sysv script
+ l = glob('/etc/rc2.d/S??test_enable')
+ self.assertEqual(l, [])
+
+ # disable should be idempotent
+ subprocess.check_call(['systemctl', 'disable', 'test_enable'])
+ self.assertEnabled(False)
+
+ def test_unit_link(self):
+ '''systemctl link'''
+
+ with tempfile.NamedTemporaryFile(suffix='.service') as f:
+ f.write(b'[Unit]\n')
+ f.flush()
+ subprocess.check_call(['systemctl', 'link', f.name])
+
+ unit = os.path.basename(f.name)
+ l = os.path.join('/etc/systemd/system', unit)
+ self.assertEqual(os.readlink(l), f.name)
+
+ # disable it again
+ subprocess.check_call(['systemctl', 'disable', unit])
+ # this should also remove the unit symlink
+ self.assertFalse(os.path.islink(l))
+
+ def test_unit_enable_full_path(self):
+ '''systemctl enable a unit in a non-default path'''
+
+ with tempfile.NamedTemporaryFile(suffix='.service') as f:
+ f.write(b'''[Unit]
+Description=test
+[Service]
+ExecStart=/bin/true
+[Install]
+WantedBy=multi-user.target''')
+ f.flush()
+ unit = os.path.basename(f.name)
+
+ # now enable it
+ subprocess.check_call(['systemctl', 'enable', f.name])
+ self.assertEnabled(True, unit=unit)
+ l = os.path.join('/etc/systemd/system', unit)
+ self.assertEqual(os.readlink(l), f.name)
+ enable_l = '/etc/systemd/system/multi-user.target.wants/' + unit
+ self.assertEqual(os.readlink(enable_l), f.name)
+
+ # disable it again
+ subprocess.check_call(['systemctl', 'disable', unit])
+ # self.assertEnabled(False) does not work as now systemd does not
+ # know about the unit at all any more
+ self.assertFalse(os.path.islink(enable_l))
+ # this should also remove the unit symlink
+ self.assertFalse(os.path.islink(l))
+
+
+if __name__ == '__main__':
+ unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout,
+ verbosity=2))
diff --git a/debian/tests/upstream b/debian/tests/upstream
new file mode 100755
index 0000000000000000000000000000000000000000..e0cf8be0570b403c5ae764a8c6ca00e126167a5b
--- /dev/null
+++ b/debian/tests/upstream
@@ -0,0 +1,51 @@
+#!/bin/sh
+# run upstream system integration tests
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+set -e
+
+# even after installing policycoreutils this fails with
+# "Failed to install /usr/libexec/selinux/hll/pp"
+BLACKLIST="TEST-06-SELINUX"
+
+# some tests are flaky
+BLACKLIST="$BLACKLIST
+TEST-02-CRYPTSETUP
+TEST-16-EXTEND-TIMEOUT
+TEST-17-UDEV-WANTS
+"
+
+# quiesce Makefile.guess; not really relevant as systemd/nspawn run from
+# installed packages
+export BUILD_DIR=.
+
+# modify the image build scripts to install systemd from the debs instead of
+# from a "make/ninja install" as we don't have a built tree here. Also call
+# systemd-nspawn from the system.
+sed -i '/DESTDIR.* install/ s%^.*$% for p in `grep ^Package: '`pwd`'/debian/control | cut -f2 -d\\ |grep -Ev -- "-(udeb|dev)"`; do (cd /tmp; apt-get download $p \&\& dpkg-deb --fsys-tarfile ${p}[._]*deb | tar -C $initdir --dereference -x); done%; s_[^" ]*/systemd-nspawn_systemd-nspawn_g; s/\(_ninja_bin=\).*/\1dummy-ninja/' test/test-functions
+
+# adjust path
+sed -i 's_/usr/libexec/selinux/hll/pp_/usr/lib/selinux/hll/pp_' test/TEST-06-SELINUX/test.sh
+
+FAILED=""
+
+for t in test/TEST*; do
+ echo "$BLACKLIST" | grep -q "$(basename $t)" && continue
+ echo "========== `basename $t` =========="
+ rm -rf /var/tmp/systemd-test.*
+ if ! make -C $t setup run clean; then
+ for j in /var/tmp/systemd-test.*/journal/*; do
+ [ -e "$j" ] || continue
+ # keep the entire journal in artifacts, in case one needs the debug messages
+ cp -r "$j" "$AUTOPKGTEST_ARTIFACTS/$(basename $t)-$(basename $j)"
+ echo "---- $j ----"
+ journalctl --priority=warning --directory=$j
+ done
+ FAILED="$FAILED $t"
+ fi
+ echo
+done
+
+if [ -n "$FAILED" ]; then
+ echo FAILED TESTS: "$FAILED"
+ exit 1
+fi
diff --git a/debian/udev-udeb.dirs b/debian/udev-udeb.dirs
new file mode 100644
index 0000000000000000000000000000000000000000..eeba23d8c8780362fcb6181787475ec5b00e4f86
--- /dev/null
+++ b/debian/udev-udeb.dirs
@@ -0,0 +1 @@
+/etc/udev/rules.d/
diff --git a/debian/udev-udeb.install b/debian/udev-udeb.install
new file mode 100644
index 0000000000000000000000000000000000000000..0e9ff407b590aa33bff650d48335df3e1a0fd0da
--- /dev/null
+++ b/debian/udev-udeb.install
@@ -0,0 +1,20 @@
+lib/systemd/network/99-default.link
+lib/systemd/systemd-udevd
+bin/udevadm
+lib/udev/ata_id
+lib/udev/scsi_id
+lib/udev/cdrom_id
+lib/udev/rules.d/50-udev-default.rules
+lib/udev/rules.d/60-cdrom_id.rules
+lib/udev/rules.d/60-input-id.rules
+lib/udev/rules.d/60-persistent-input.rules
+lib/udev/rules.d/60-persistent-storage.rules
+lib/udev/rules.d/64-btrfs.rules
+lib/udev/rules.d/75-net-description.rules
+lib/udev/rules.d/75-probe_mtd.rules
+lib/udev/rules.d/80-drivers.rules
+lib/udev/rules.d/80-net-setup-link.rules
+../../extra/rules/50-firmware.rules lib/udev/rules.d/
+../../extra/rules/73-special-net-names.rules lib/udev/rules.d/
+../../extra/rules/73-usb-net-by-mac.rules lib/udev/rules.d/
+../../extra/start-udev lib/debian-installer/
diff --git a/debian/udev.NEWS b/debian/udev.NEWS
new file mode 100644
index 0000000000000000000000000000000000000000..abca3dde1c1d866b8f56b097c81c786b8c417bb2
--- /dev/null
+++ b/debian/udev.NEWS
@@ -0,0 +1,15 @@
+systemd (220-7) unstable; urgency=medium
+
+ The mechanism for providing stable network interface names changed.
+ Previously they were kept in /etc/udev/rules.d/70-persistent-net.rules
+ which mapped device MAC addresses to the (arbitrary) name they got when
+ they first appeared (i. e. mostly at the time of installation). As this
+ had several problems and is not supported any more, this is deprecated in
+ favor of the "net.ifnames" mechanism. With this most of your network
+ interfaces will get location-based names. If you have ifupdown, firewall,
+ or other configuration that relies on the old names, you need to update
+ these by Debian 10/Ubuntu 18.04 LTS, and then remove
+ /etc/udev/rules.d/70-persistent-net.rules. Please see
+ /usr/share/doc/udev/README.Debian.gz for details about this.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 15 Jun 2015 15:30:29 +0200
diff --git a/debian/udev.README.Debian b/debian/udev.README.Debian
new file mode 100644
index 0000000000000000000000000000000000000000..b008fe1999056aff02c9796ab950ed782ced5466
--- /dev/null
+++ b/debian/udev.README.Debian
@@ -0,0 +1,149 @@
+This documents udev integration Debian specifics. Please see man udev(7) and
+its referenced manpages for general documentation.
+
+Network interface naming
+~~~~~~~~~~~~~~~~~~~~~~~~
+Since version 197 udev has a builtin persistent name generator which checks
+firmware/BIOS provided index numbers or slot names (similar to biosdevname),
+falls back to slot names (PCI numbers, etc., in the spirit of
+/dev/disks/by-path/), and then optionally falls back to MAC address, and
+generates names based on these properties. This provides "location oriented"
+names for PCI cards such as "enp0s1" for ethernet, or wlp1s0" for a WIFI card
+so that replacing a broken network card does not change the name (as long
+as the new card is fitted into the bus in the old card's slot.) As location
+based naming does not work well for USB devices, these use a MAC based naming
+schema (see /lib/udev/rules.d/73-usb-net-by-mac.rules).
+
+This has been enabled by default since udev 220-7, which affects new
+installations/hardware. Existing installations/hardware which already got
+covered by the old 75-persistent-net-generator.rules may keep their existing
+interface names until the release of Debian 10 / Ubuntu 18.04 LTS; see
+below.
+
+You can disable these stable names and go back to the kernel-provided ones
+(which don't have a stable order) in one of two ways:
+
+ - Put "net.ifnames=0" into the kernel command line (e. g. in
+ /etc/default/grub's GRUB_CMDLINE_LINUX_DEFAULT, then run "update-grub").
+
+ - Disable the default *.link rules with
+ "ln -s /dev/null /etc/systemd/network/99-default.link"
+ and rebuild the initrd with "update-initramfs -u".
+
+See this page for more information:
+http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
+
+Legacy persistent network interface naming
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Debian releases up to 8 ("Jessie") and Ubuntu up to 15.04 had an udev rule
+/lib/udev/rules.d/75-persistent-net-generator.rules which fixed the name of a
+network interface that it got when its MAC address first appeared in a
+dynamically created /etc/udev/rules.d/70-persistent-net.rules file.
+
+This had inherent race conditions (which sometimes caused collisions and
+interface names like "rename1"), required having to write state into /etc
+(which isn't possible for read-only root), and did not work in virtualized
+environments.
+
+This old schema is deprecated in Debian 9 ("Stretch"), and will not
+be supported any more in Debian 10.
+
+Migration to the current network interface naming scheme
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Interface names must be be manually migrated to the new naming scheme before
+upgrading to Debian 10 / Ubuntu 18.04 LTS. If you rely on the old names in
+custom ifupdown stanzas, firewall scripts, or other networking configuration,
+these will eventually need to be updated to the new names.
+
+WARNING: This process may render your machine inaccessible through ssh. Be sure
+to have physical or serial console access to the machine or a way to revert to
+your existing configuration.
+
+First, determine all relevant network interface names: those in
+/etc/udev/rules.d/70-persistent-net.rules, or if that does not exist (in
+the case of virtual machines), in "ip link" or /sys/class/net/.
+
+Then for every interface name use a command like
+
+ grep -r eth0 /etc
+
+to find out where it is being used.
+
+Then on "real hardware" machines, rename the file to
+70-persistent-net.rules.old; alternately, if you have multiple interfaces,
+instead of renaming you may wish to comment out specific lines to convert a
+single interface at a time.
+
+On VMs remove the files /etc/systemd/network/99-default.link and
+/etc/systemd/network/50-virtio-kernel-names.link (the latter only exists on VMs
+that use virtio network devices).
+
+Rebuild the initrd with
+
+ update-initramfs -u
+
+and reboot. Then your system should have a new network interface name (or
+names). Adjust configuration files as discovered with the grep above, and test
+your system.
+
+Repeat for each network interface name, as necessary.
+
+Custom net interface naming
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+In some cases it is convenient to define your own specific names for network
+interfaces. These can be customized in two different ways:
+
+ * You can create your own names via *.link files (see systemd.link(5)) based
+ on hardware properties. For example, /etc/systemd/network/10-dmz.link:
+
+ ------------ snip ------------
+ [Match]
+ MACAddress=11:22:aa:bb:cc:33
+
+ [Link]
+ Name=eth-dmz
+ ------------ snip ------------
+
+ * If you need attributes that link files don't expose, or you need more
+ powerful pattern matching, you can create udev rules (see udev(7))
+ like /etc/udev/rules.d/76-netnames.rules:
+
+ ------------ snip ------------
+ # identify by vendor/model ID
+ SUBSYSTEM=="net", ACTION=="add", ENV{ID_VENDOR_ID}=="0x8086", \
+ ENV{ID_MODEL_ID}=="0x1502", NAME="eth-intel-gb"
+
+ # USB device by path
+ # get ID_PATH if not present yet
+ ENV{ID_PATH}=="", IMPORT{builtin}="path_id"
+ SUBSYSTEM=="net", ACTION=="add", ENV{ID_PATH}=="*-usb-0:3:1*", NAME="eth-blue-hub"
+ ------------ snip ----------
+
+ The name of the rules file needs to have a prefix smaller than "80" so that
+ it runs before /lib/udev/rules.d/80-net-setup-link.rules, and should have a
+ prefix bigger than "75" so that it runs after 75-net-description.rules and
+ thus you can use matches on ID_VENDOR and similar properties.
+
+ * Unless you disabled net.ifnames, you can change the policy
+ (kernel/bios/path/MAC based naming) in an /etc/systemd/network/*.link file,
+ for individual devices or entire device classes. See man systemd.link(5) for
+ details about this. /lib/systemd/network/99-default.link is the default
+ policy. Note that /lib/udev/rules.d/73-usb-net-by-mac.rules uses MAC based
+ names for USB devices.
+
+Any of the above changes require an initrd update with "update-initramfs -u" to
+get effective.
+
+Using udev with LDAP or NIS
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+If the rules files reference usernames or groups not present in the
+/etc/{passwd,group} files and the system is configured to use a
+network-based database like LDAP or NIS then udev may fail at boot time
+because users and groups are looked up well before the network has been
+initialized.
+A possible solution is to configure /etc/nsswitch.conf like this:
+
+ passwd: files ldap [UNAVAIL=return]
+ group: files ldap [UNAVAIL=return]
+
+The nsswitch.conf syntax is documented in the glibc manual.
diff --git a/debian/udev.bug-control b/debian/udev.bug-control
new file mode 100644
index 0000000000000000000000000000000000000000..3134261da1b0824aac4b6c3da824d949c95c9e7b
--- /dev/null
+++ b/debian/udev.bug-control
@@ -0,0 +1 @@
+package-status: systemd
diff --git a/debian/udev.bug-script b/debian/udev.bug-script
new file mode 100644
index 0000000000000000000000000000000000000000..97f56f1541fef3795ce3f2b05612d271639b8e87
--- /dev/null
+++ b/debian/udev.bug-script
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# We don’t clean up this directory because there is no way to know when
+# reportbug finished running, and reportbug needs the files around.
+# Given that those are just a couple of kilobytes in size and people
+# generally don’t file a lot of bugs, I don’t think it’s a big deal.
+DIR=$(mktemp -d)
+
+echo "-- BEGIN ATTACHMENTS --" >&3
+
+udevadm info --export-db >$DIR/udev-database.txt
+echo "$DIR/udev-database.txt" >&3
+
+echo "-- END ATTACHMENTS --" >&3
diff --git a/debian/udev.init b/debian/udev.init
new file mode 100644
index 0000000000000000000000000000000000000000..6a3c9b3926fc36fe02355de4591b01d8a48140ba
--- /dev/null
+++ b/debian/udev.init
@@ -0,0 +1,254 @@
+#!/bin/sh -e
+### BEGIN INIT INFO
+# Provides: udev
+# Required-Start: mountkernfs
+# Required-Stop: umountroot
+# Default-Start: S
+# Default-Stop: 0 6
+# Short-Description: Start systemd-udevd, populate /dev and load drivers.
+### END INIT INFO
+
+PATH="/sbin:/bin"
+NAME="systemd-udevd"
+DAEMON="/lib/systemd/systemd-udevd"
+DESC="hotplug events dispatcher"
+PIDFILE="/run/udev.pid"
+CTRLFILE="/run/udev/control"
+OMITDIR="/run/sendsigs.omit.d"
+
+# we need to unmount /dev/pts/ and remount it later over the devtmpfs
+unmount_devpts() {
+ if mountpoint -q /dev/pts/; then
+ umount -n -l /dev/pts/
+ fi
+
+ if mountpoint -q /dev/shm/; then
+ umount -n -l /dev/shm/
+ fi
+}
+
+# mount a devtmpfs over /dev, if somebody did not already do it
+mount_devtmpfs() {
+ if grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then
+ mount -n -o remount,nosuid,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev
+ return
+ fi
+
+ if ! mount -n -o nosuid,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev; then
+ log_failure_msg "udev requires devtmpfs support, not started"
+ log_end_msg 1
+ fi
+
+ return 0
+}
+
+create_dev_makedev() {
+ if [ -e /sbin/MAKEDEV ]; then
+ ln -sf /sbin/MAKEDEV /dev/MAKEDEV
+ else
+ ln -sf /bin/true /dev/MAKEDEV
+ fi
+}
+
+# shell version of /usr/bin/tty
+my_tty() {
+ [ -x /bin/readlink ] || return 0
+ [ -e /proc/self/fd/0 ] || return 0
+ readlink --silent /proc/self/fd/0 || true
+}
+
+warn_if_interactive() {
+ if [ "$RUNLEVEL" = "S" -a "$PREVLEVEL" = "N" ]; then
+ return
+ fi
+
+ TTY=$(my_tty)
+ if [ -z "$TTY" -o "$TTY" = "/dev/console" -o "$TTY" = "/dev/null" ]; then
+ return
+ fi
+
+ printf "\n\n\nIt has been detected that the command\n\n\t$0 $*\n\n"
+ printf "has been run from an interactive shell.\n"
+ printf "It will probably not do what you expect, so this script will wait\n"
+ printf "60 seconds before continuing. Press ^C to stop it.\n"
+ printf "RUNNING THIS COMMAND IS HIGHLY DISCOURAGED!\n\n\n\n"
+ sleep 60
+}
+
+make_static_nodes() {
+ [ -e /lib/modules/$(uname -r)/modules.devname ] || return 0
+ [ -x /bin/kmod ] || return 0
+
+ /bin/kmod static-nodes --format=tmpfiles --output=/proc/self/fd/1 | \
+ while read type name mode uid gid age arg; do
+ [ -e $name ] && continue
+ case "$type" in
+ c|b|c!|b!) mknod -m $mode $name $type $(echo $arg | sed 's/:/ /') ;;
+ d|d!) mkdir $name ;;
+ *) echo "unparseable line ($type $name $mode $uid $gid $age $arg)" >&2 ;;
+ esac
+
+ if [ -x /sbin/restorecon ]; then
+ /sbin/restorecon $name
+ fi
+ done
+}
+
+
+##############################################################################
+
+
+[ -x $DAEMON ] || exit 0
+
+# defaults
+tmpfs_size="10M"
+
+if [ -e /etc/udev/udev.conf ]; then
+ . /etc/udev/udev.conf
+fi
+
+. /lib/lsb/init-functions
+
+if [ ! -e /proc/filesystems ]; then
+ log_failure_msg "udev requires a mounted procfs, not started"
+ log_end_msg 1
+fi
+
+if ! grep -q '[[:space:]]devtmpfs$' /proc/filesystems; then
+ log_failure_msg "udev requires devtmpfs support, not started"
+ log_end_msg 1
+fi
+
+if [ ! -d /sys/class/ ]; then
+ log_failure_msg "udev requires a mounted sysfs, not started"
+ log_end_msg 1
+fi
+
+if [ ! -w /sys ]; then
+ log_warning_msg "udev does not support containers, not started"
+ exit 0
+fi
+
+if [ -d /sys/class/mem/null -a ! -L /sys/class/mem/null ] || \
+ [ -e /sys/block -a ! -e /sys/class/block ]; then
+ log_warning_msg "CONFIG_SYSFS_DEPRECATED must not be selected"
+ log_warning_msg "Booting will continue in 30 seconds but many things will be broken"
+ sleep 30
+fi
+
+# When modifying this script, do not forget that between the time that the
+# new /dev has been mounted and udevadm trigger has been run there will be
+# no /dev/null. This also means that you cannot use the "&" shell command.
+
+case "$1" in
+ start)
+ if [ ! -e "/run/udev/" ]; then
+ warn_if_interactive
+ fi
+
+ if [ -w /sys/kernel/uevent_helper ]; then
+ echo > /sys/kernel/uevent_helper
+ fi
+
+ if ! mountpoint -q /dev/; then
+ unmount_devpts
+ mount_devtmpfs
+ [ -d /proc/1 ] || mount -n /proc
+ fi
+
+ make_static_nodes
+
+ # clean up parts of the database created by the initramfs udev
+ udevadm info --cleanup-db
+
+ # set the SELinux context for devices created in the initramfs
+ [ -x /sbin/restorecon ] && /sbin/restorecon -R /dev
+
+ log_daemon_msg "Starting $DESC" "$NAME"
+ if start-stop-daemon --start --name $NAME --user root --quiet \
+ --pidfile $PIDFILE --exec $DAEMON --background --make-pidfile; then
+ # prevents udevd to be killed by sendsigs (see #791944)
+ mkdir -p $OMITDIR
+ ln -sf $PIDFILE $OMITDIR/$NAME
+ log_end_msg $?
+ else
+ log_warning_msg $?
+ log_warning_msg "Waiting 15 seconds and trying to continue anyway"
+ sleep 15
+ fi
+
+ log_action_begin_msg "Synthesizing the initial hotplug events (subsystems)"
+ if udevadm trigger --type=subsystems --action=add; then
+ log_action_end_msg $?
+ else
+ log_action_end_msg $?
+ fi
+ log_action_begin_msg "Synthesizing the initial hotplug events (devices)"
+ if udevadm trigger --type=devices --action=add; then
+ log_action_end_msg $?
+ else
+ log_action_end_msg $?
+ fi
+
+ create_dev_makedev
+
+ # wait for the systemd-udevd childs to finish
+ log_action_begin_msg "Waiting for /dev to be fully populated"
+ if udevadm settle; then
+ log_action_end_msg 0
+ else
+ log_action_end_msg 0 'timeout'
+ fi
+ ;;
+
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ if start-stop-daemon --stop --name $NAME --user root --quiet \
+ --pidfile $PIDFILE --remove-pidfile --oknodo --retry 5; then
+ # prevents cryptsetup/dmsetup hangs (see #791944)
+ rm -f $CTRLFILE
+ log_end_msg $?
+ else
+ log_end_msg $?
+ fi
+ ;;
+
+ restart)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ if start-stop-daemon --stop --name $NAME --user root --quiet \
+ --pidfile $PIDFILE --remove-pidfile --oknodo --retry 5; then
+ # prevents cryptsetup/dmsetup hangs (see #791944)
+ rm -f $CTRLFILE
+ log_end_msg $?
+ else
+ log_end_msg $? || true
+ fi
+
+ log_daemon_msg "Starting $DESC" "$NAME"
+ if start-stop-daemon --start --name $NAME --user root --quiet \
+ --pidfile $PIDFILE --exec $DAEMON --background --make-pidfile; then
+ # prevents udevd to be killed by sendsigs (see #791944)
+ mkdir -p $OMITDIR
+ ln -sf $PIDFILE $OMITDIR/$NAME
+ log_end_msg $?
+ else
+ log_end_msg $?
+ fi
+ ;;
+
+ reload|force-reload)
+ udevadm control --reload-rules
+ ;;
+
+ status)
+ status_of_proc $DAEMON $NAME && exit 0 || exit $?
+ ;;
+
+ *)
+ echo "Usage: /etc/init.d/udev {start|stop|restart|reload|force-reload|status}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
+
diff --git a/debian/udev.install b/debian/udev.install
new file mode 100644
index 0000000000000000000000000000000000000000..b0ab649fbf4d9548e745ed51e7e447272acb334d
--- /dev/null
+++ b/debian/udev.install
@@ -0,0 +1,24 @@
+etc/udev/
+lib/udev/*
+lib/systemd/network/*.link
+lib/systemd/system/systemd-udev*
+lib/systemd/system/systemd-hwdb*
+lib/systemd/system/*.target.wants/systemd-udev*
+lib/systemd/system/*.target.wants/*hwdb*
+lib/systemd/systemd-udevd
+bin/udevadm
+bin/systemd-hwdb
+usr/share/man/man5/udev.conf.5
+usr/share/man/man5/systemd.link.5
+usr/share/man/man7/hwdb.7
+usr/share/man/man7/udev.7
+usr/share/man/man8/systemd-hwdb*
+usr/share/man/man8/systemd-udevd*
+usr/share/man/man8/udevadm.8
+usr/share/bash-completion/completions/udevadm
+usr/share/zsh/vendor-completions/_udevadm
+usr/share/pkgconfig/udev.pc
+../../extra/initramfs-tools usr/share/
+../../extra/rules/*.rules lib/udev/rules.d/
+#../../extra/*.hwdb lib/udev/hwdb.d/
+../../extra/fbdev-blacklist.conf lib/modprobe.d/
diff --git a/debian/udev.links b/debian/udev.links
new file mode 100644
index 0000000000000000000000000000000000000000..d0ac5ee4717217221ee2aad519793303db60da5c
--- /dev/null
+++ b/debian/udev.links
@@ -0,0 +1,2 @@
+/lib/systemd/system/systemd-udevd.service /lib/systemd/system/udev.service
+/bin/udevadm /sbin/udevadm
diff --git a/debian/udev.maintscript b/debian/udev.maintscript
new file mode 100644
index 0000000000000000000000000000000000000000..da7cfb6fec1ec945427f8b25aba2b9d2dc538267
--- /dev/null
+++ b/debian/udev.maintscript
@@ -0,0 +1,8 @@
+rm_conffile /etc/init.d/udev-finish 226-1~
+rm_conffile /etc/init/udev-finish.conf 226-1~
+rm_conffile /etc/init/udev-fallback-graphics.conf 226-1~
+symlink_to_dir /usr/share/doc/udev libudev1 221-2~
+rm_conffile /etc/modprobe.d/fbdev-blacklist.conf 229-6~
+rm_conffile /etc/init/udev.conf 233-1~
+rm_conffile /etc/init/udevmonitor.conf 233-1~
+rm_conffile /etc/init/udevtrigger.conf 233-1~
diff --git a/debian/udev.postinst b/debian/udev.postinst
new file mode 100644
index 0000000000000000000000000000000000000000..d18a8de7d1ed44ce9172c00c9dbf52132184f3ed
--- /dev/null
+++ b/debian/udev.postinst
@@ -0,0 +1,136 @@
+#!/bin/sh -e
+
+chrooted() {
+ if [ "$(stat -c %d/%i /)" = "$(stat -Lc %d/%i /proc/1/root 2>/dev/null)" ];
+ then
+ # the devicenumber/inode pair of / is the same as that of /sbin/init's
+ # root, so we're *not* in a chroot and hence return false.
+ return 1
+ fi
+ echo "A chroot environment has been detected, udev not started."
+ return 0
+}
+
+in_debootstrap() {
+ # debootstrap --second-stage may be run in an emulator instead of a chroot,
+ # we need to check for this special case because start-stop-daemon would
+ # not be available. (#520742)
+ if [ -d /debootstrap/ ]; then
+ echo "Being installed by debootstrap, udev not started."
+ return 0
+ fi
+ return 1
+}
+
+can_start_udevd() {
+ if [ ! -d /sys/class/ ]; then
+ echo "udev requires a mounted sysfs, not started."
+ return 1
+ fi
+ return 0
+}
+
+enable_udev() {
+ can_start_udevd || return 0
+ invoke-rc.d udev start
+}
+
+update_initramfs() {
+ [ -x /usr/sbin/update-initramfs -a -e /etc/initramfs-tools/initramfs.conf ] \
+ || return 0
+ update-initramfs -u
+}
+
+upgrade_fixes() {
+ if dpkg --compare-versions "$2" lt "226-1"; then
+ update-rc.d udev-finish remove
+ fi
+
+ # we enabled net.ifnames in 220-7 by default; don't change iface names in
+ # virtualized envs (where 75-persistent-net-generator.rules didn't work)
+ if dpkg --compare-versions "$2" lt-nl "220-7~" &&
+ [ ! -e /etc/udev/rules.d/70-persistent-net.rules ] &&
+ [ ! -e /etc/udev/rules.d/80-net-setup-link.rules ] &&
+ [ ! -e /etc/systemd/network/99-default.link ] &&
+ [ ! -L /etc/systemd/network/99-default.link ] &&
+ ! grep -q net.ifnames /proc/cmdline && ! chrooted; then
+ mkdir -p /etc/systemd/network
+ cat <<EOF > /etc/systemd/network/99-default.link
+# This machine is most likely a virtualized guest, where the old persistent
+# network interface mechanism (75-persistent-net-generator.rules) did not work.
+# This file disables /lib/systemd/network/99-default.link to avoid
+# changing network interface names on upgrade. Please read
+# /usr/share/doc/udev/README.Debian.gz about how to migrate to the currently
+# supported mechanism.
+EOF
+ fi
+
+ # 226 introduced predictable interface names for virtio
+ # (https://github.com/systemd/systemd/pull/1119); disable for upgrades
+ if dpkg --compare-versions "$2" lt-nl "226-2~" &&
+ [ ! -e /etc/systemd/network/50-virtio-kernel-names.link ] &&
+ ls -d /sys/bus/virtio/drivers/virtio_net/virt* >/dev/null 2>&1; then
+ echo "virtio network devices detected, disabling predictable interface names in /etc/systemd/network/50-virtio-kernel-names.link"
+ mkdir -p /etc/systemd/network/
+ cat <<EOF > /etc/systemd/network/50-virtio-kernel-names.link
+# udev 226 introduced predictable interface names for virtio;
+# disable this for upgrades. You can remove this file if you update your
+# network configuration to move to the ens* names instead.
+# See /usr/share/doc/udev/README.Debian.gz for details about predictable
+# network interface names.
+[Match]
+Driver=virtio_net
+
+[Link]
+NamePolicy=onboard kernel
+EOF
+ fi
+
+ # new Default-Stop (see #791944)
+ if dpkg --compare-versions "$2" lt-nl "239-8"; then
+ update-rc.d -f udev remove
+ fi
+}
+
+update_hwdb() {
+ systemd-hwdb --usr update || true
+}
+
+case "$1" in
+ configure)
+ # update/create hwdb before we (re)start udev
+ update_hwdb
+
+ # Add new system group used by udev rules
+ addgroup --quiet --system input
+
+ # Make /dev/kvm accessible to kvm group
+ addgroup --quiet --system kvm
+
+ if [ -z "$2" ]; then # first install
+ if ! chrooted && ! in_debootstrap; then
+ enable_udev
+ fi
+ else # upgrades
+ upgrade_fixes "$@"
+ if ! chrooted; then
+ if can_start_udevd; then
+ if [ -d /run/systemd/system ] ; then
+ systemctl daemon-reload || true
+ fi
+ invoke-rc.d udev restart
+ fi
+ fi
+ fi
+
+ update_initramfs
+ ;;
+
+ triggered)
+ update_hwdb
+ exit 0
+ ;;
+esac
+
+#DEBHELPER#
+
diff --git a/debian/udev.postrm b/debian/udev.postrm
new file mode 100644
index 0000000000000000000000000000000000000000..8658f764cade2ba404c254e649ef7b26a83c34b6
--- /dev/null
+++ b/debian/udev.postrm
@@ -0,0 +1,12 @@
+#!/bin/sh -e
+
+case "$1" in
+ purge)
+ rm -f /etc/udev/rules.d/70-persistent-*.rules
+ rmdir --ignore-fail-on-non-empty /etc/udev/rules.d/ 2> /dev/null || true
+ rm -f /lib/udev/hwdb.bin
+ rm -f /var/log/udev
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/udev.preinst b/debian/udev.preinst
new file mode 100644
index 0000000000000000000000000000000000000000..b24d9da1e15b9404c344f7768804574015c053e9
--- /dev/null
+++ b/debian/udev.preinst
@@ -0,0 +1,81 @@
+#!/bin/sh -e
+
+# adapted from postinst
+chrooted() {
+ if [ "$(stat -c %d/%i /)" = "$(stat -Lc %d/%i /proc/1/root 2>/dev/null)" ];
+ then
+ return 1
+ fi
+ return 0
+}
+
+check_kernel_features() {
+ # skip the check if udev is not already active
+ [ -d /run/udev/ ] || return 0
+
+ if [ -e /proc/kallsyms ]; then
+
+ local needed_symbols='inotify_init signalfd accept4 open_by_handle_at timerfd_create epoll_create'
+ for symbol in $needed_symbols; do
+ if ! egrep -q "^[a-fA-F0-9]+ T \.?sys_${symbol}$" /proc/kallsyms; then
+ cat <<END
+Since release 198, udev requires support for the following features in
+the running kernel:
+
+- inotify(2) (CONFIG_INOTIFY_USER)
+- signalfd(2) (CONFIG_SIGNALFD)
+- accept4(2)
+- open_by_handle_at(2) (CONFIG_FHANDLE)
+- timerfd_create(2) (CONFIG_TIMERFD)
+- epoll_create(2) (CONFIG_EPOLL)
+END
+ exit 1
+ fi
+ done
+
+ fi
+
+ if ! grep -q '[[:space:]]devtmpfs$' /proc/filesystems; then
+ cat <<END
+Since release 176, udev requires support for the following features in
+the running kernel:
+
+- devtmpfs (CONFIG_DEVTMPFS)
+END
+ exit 1
+ fi
+
+ if [ -d /sys/class/mem/null -a ! -L /sys/class/mem/null ] ||
+ [ -e /sys/block -a ! -e /sys/class/block ]; then
+ cat <<END
+The currently running kernel has the CONFIG_SYSFS_DEPRECATED option
+enabled, which is incompatible with udev.
+END
+ exit 1
+ fi
+}
+
+check_version() {
+ # $2 is non-empty when installing from the "config-files" state
+ [ -n "$2" ] || return 0
+
+ if dpkg --compare-versions $2 lt 204-4; then
+ # these must be checked first to allow aborting before changing anything
+ if chrooted; then
+ echo 'Running in a chroot, skipping the kernel versions checks!'
+ else
+ check_kernel_features
+ # suppress errors when the new rules files contain options not supported by
+ # the old daemon
+ udevadm control --log-priority=0 || true
+ fi
+ fi # 204-4
+}
+
+case "$1" in
+ install|upgrade|abort-upgrade)
+ check_version "$@"
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/udev.prerm b/debian/udev.prerm
new file mode 100644
index 0000000000000000000000000000000000000000..7eac286607dfafb0fd57f03237bfc82fdb0d3c55
--- /dev/null
+++ b/debian/udev.prerm
@@ -0,0 +1,30 @@
+#!/bin/sh -e
+
+# adapted from postinst
+chrooted() {
+ if [ "$(stat -c %d/%i /)" = "$(stat -Lc %d/%i /proc/1/root 2>/dev/null)" ];
+ then
+ return 1
+ fi
+ return 0
+}
+
+kill_udevd() {
+ if [ -d /run/systemd/system ]; then
+ systemctl stop systemd-udevd-control.socket systemd-udevd-kernel.socket
+ systemctl stop systemd-udevd.service
+ else
+ invoke-rc.d udev stop
+ fi
+}
+
+case "$1" in
+ remove)
+ if ! chrooted; then
+ kill_udevd
+ fi
+ ;;
+esac
+
+#DEBHELPER#
+
diff --git a/debian/udev.triggers b/debian/udev.triggers
new file mode 100644
index 0000000000000000000000000000000000000000..7f814f051b842f122eb85ad6684079b0a8166de6
--- /dev/null
+++ b/debian/udev.triggers
@@ -0,0 +1 @@
+interest-noawait /lib/udev/hwdb.d
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000000000000000000000000000000000000..4dd34402f61fde50a3d33cb726fb9797664f4e55
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,3 @@
+version=3
+opts=filenamemangle=s/.+\/v?(\d\S*)\.tar\.gz/systemd-$1\.tar\.gz/ \
+ https://github.com/systemd/systemd/tags .*/v?(\d\S*)\.tar\.gz